GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-10 13:52:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST500LT012-9WS142 rev.0001LVM1 465,76GB
Running: uvvrvjk5.exe; Driver: C:\Users\Karol\AppData\Local\Temp\awlcypod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000dfa00 7 bytes [00, 0C, 7E, 01, 00, B1, F2]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff960000dfa08 7 bytes [01, 0A, C0, FF, 00, 66, DB]

---- User code sections - GMER 2.1 ----
000007fbbeb80360 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\lsass.exe[748] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text 
C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\lsass.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes 
JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[840] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 
000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[924] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 
000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[924] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 
000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\atiesrxx.exe[980] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text 
C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\atiesrxx.exe[980] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\System32\svchost.exe[1016] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 
5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\System32\svchost.exe[1016] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 
bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[532] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 
000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[952] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 
000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[952] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 
000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text 
C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\atieclxx.exe[1108] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\atieclxx.exe[1108] 
C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007fb37401b32 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\system32\atieclxx.exe[1108] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007fb37401b3a 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 
000007fbbeb803e0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\svchost.exe[1132] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 
bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[1304] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 
000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text 
C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[1304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\System32\spoolsv.exe[1628] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 
5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\System32\spoolsv.exe[1628] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\System32\spoolsv.exe[1628] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[1684] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 
bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[1684] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[1684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 55, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 55, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 55, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 55, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes 
{JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 55, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 
000007fbbeb802f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 
000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text 
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files (x86)\Bluetooth 
Suite\adminservice.exe[1900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 84, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 84, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 84, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 84, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD 
[RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 84, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1940] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 32, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 32, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 32, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 32, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 32, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 
000007fbbeb803d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\Microsoft Office 
15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 
000007fbbeb801e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1128] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text 
C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text 
C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text 
C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\CxAudMsg64.exe[1400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text 
C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\dashost.exe[1456] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text 
C:\WINDOWS\system32\dashost.exe[1456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, E5, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, E5, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, E5, 00, 00, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, E5, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, E5, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, E5, 00, 00, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, E5, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, E5, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, E5, 00, 00, 00, 00, 00] .text 
C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\TSv\TSvr.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text 
C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\svchost.exe[2164] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 
000007fbbeb803f0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\svchost.exe[2164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\System32\svchost.exe[2164] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fb37401b32 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\System32\svchost.exe[2164] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fb37401b3a 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\svchost.exe[2200] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 
bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\svchost.exe[2200] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\svchost.exe[2200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\System32\svchost.exe[2200] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fb37401b32 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\System32\svchost.exe[2200] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fb37401b3a 4 bytes [40, 37, FB, 07] .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 
5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 
000007fbbeb80390 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text 
C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text 
C:\WINDOWS\system32\taskhostex.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes 
{JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 
000007fbbeb80300 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text 
C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\Explorer.EXE[2556] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\system32\KERNEL32.DLL!GetExitCodeProcess + 58 000007fb3c9d747a 9 bytes {JMP QWORD [RIP-0x7fff7480]} .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb38461532 4 bytes [46, 38, FB, 07] .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3846153a 4 bytes [46, 38, FB, 07] .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3846165a 4 bytes [46, 38, FB, 07] .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\Explorer.EXE[2556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text 
C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[2580] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 
000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, FD, 00, 00, 00, 00, ...] 
.text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, FD, 00, 00, 00, 00, ...] 
.text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, FD, 00, 00, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, FD, 00, 00, 00, 00, ...] 
.text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, FD, 00, 00, 00, 00, ...] 
.text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, FD, 00, 00, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, FD, 00, 00, 00, 00, ...] 
.text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, FD, 00, 00, 00, 00, ...] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text 
C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, FD, 00, 00, 00, 00, 00] .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\UWdMU\WdMan.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} 
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program 
Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 
000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files\Classic 
Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 
000007fbbeb80410 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb38461532 4 bytes [46, 38, FB, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3846153a 4 bytes [46, 38, FB, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3846165a 4 bytes [46, 38, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 
000007fbbeb803c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes 
JMP 000007fbbeb80430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 48, 00, 00, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 48, 00, 00, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 48, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 48, 00, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 48, 00, 00, 00, 00, 00] .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[1548] C:\Program Files\Microsoft Office 15\Root\Office15\outlrpc.dll!MAPIRevokeMoniker@4 + 657 00000000629d287c 4 bytes [95, 39, A8, 31] .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 
000007fbbeb803d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 
000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\SearchIndexer.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text 
C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\svchost.exe[232] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 
bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\svchost.exe[232] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes 
JMP 000007fbbeb80220 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text 
C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Windows\System32\WUDFHost.exe[4288] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Windows\System32\WUDFHost.exe[4288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes 
{JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\SFK\SSFK.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text 
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 
000007fbbeb80290 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program 
Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[4104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 
5 bytes JMP 000007fbbeb802a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files 
(x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb38461532 4 bytes [46, 38, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3846153a 4 bytes [46, 38, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3846165a 4 bytes [46, 38, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files 
(x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files 
(x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files 
(x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files 
(x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 
4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 
bytes JMP 000007fbbeb80310 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text 
C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\System32\StikyNot.exe[2536] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\System32\StikyNot.exe[2536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text 
C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\Program Files\WinZip\FAH\FAHWindow64.exe[2784] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 
.text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 
000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files\WinZip\WzPreloader.exe[4300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 
000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 
.text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Program Files (x86)\Dolby Advanced 
Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files 
(x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[5144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 8A, 00, 00, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 8A, 00, 00, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 8A, 00, 00, 00, 00, ...] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 8A, 00, 00, 00, 00, ...] 
.text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text 
C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 8A, 00, 00, 00, 00, 00] .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe[5200] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 40, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 40, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 40, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 40, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 
14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 40, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 4E, 00, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 4E, 00, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 4E, 00, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 4E, 00, 00, 00, 00, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 4E, 00, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[5392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text 
C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 
.text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 
bytes JMP 000007fbbeb80460 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\Windows\System32\RuntimeBroker.exe[6124] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\Windows\System32\RuntimeBroker.exe[6124] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text 
C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\wuauclt.exe[2020] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 
000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text 
C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\wuauclt.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 
000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text 
C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\servicing\TrustedInstaller.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text 
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text 
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text 
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe[3444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes 
JMP 000007fbbeb80360 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text 
C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\AUDIODG.EXE[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, D3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, D3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, D3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, D3, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD 
[RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, D3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, EF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, EF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, EF, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, EF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 
14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, EF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 0D, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 0D, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 0D, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 0D, 01, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD 
[RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 0D, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, EE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, EE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, EE, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, EE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 
14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, EE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 
000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text 
C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\splwow64.exe[7712] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\splwow64.exe[7712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, B2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, B2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, B2, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, B2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 
14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, B2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\taskhost.exe[7332] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 
000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text 
C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\taskhost.exe[7332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] 
.text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] 
.text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] 
.text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 14 bytes {JMP QWORD [RIP+0x0]} .text 
C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhostŔ9[3292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007fb3e9b2c56 8 bytes [50, 04, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007fb3e9b2ca6 8 bytes [40, 04, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007fb3e9b2e06 8 bytes [60, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007fb3e9b2e56 8 bytes [60, 04, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007fb3e9b2e66 8 bytes [D0, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007fb3e9b2f16 8 bytes [10, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007fb3e9b2f46 8 bytes [A0, 03, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007fb3e9b2f66 8 bytes [80, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007fb3e9b2fa6 8 bytes [D0, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007fb3e9b3026 8 bytes [C0, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 7 000007fb3e9b3047 7 bytes [03, 6F, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007fb3e9b3086 8 bytes [B0, 03, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007fb3e9b30d6 8 bytes [E0, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007fb3e9b3247 8 bytes [20, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007fb3e9b3437 8 bytes [70, 04, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007fb3e9b3467 8 bytes [90, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007fb3e9b3577 8 bytes [E0, 02, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007fb3e9b3597 8 bytes [40, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007fb3e9b3607 8 bytes [80, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007fb3e9b3697 8 bytes [A0, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007fb3e9b36b7 8 bytes [C0, 03, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007fb3e9b36c7 8 bytes [20, 03, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 000007fb3e9b3768 7 bytes [04, 6F, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007fb3e9b3797 8 bytes [30, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007fb3e9b3aa7 8 bytes [D0, 01, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007fb3e9b3b67 8 bytes [40, 02, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007fb3e9b3b97 8 bytes [80, 04, 6F, 00, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007fb3e9b3ba7 8 bytes [90, 04, 6F, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 
14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 000007fb3e9b4408 7 bytes [02, 6F, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\system32\taskhost.exe[6280] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 
000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text 
C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\system32\taskhost.exe[6280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\Users\Karol\Downloads\FRST64.exe[7600] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb37401b32 4 bytes [40, 37, FB, 07] .text C:\Users\Karol\Downloads\FRST64.exe[7600] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb37401b3a 4 bytes [40, 37, FB, 07] .text C:\Users\Karol\Downloads\FRST64.exe[7600] 
C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3bd8177a 4 bytes [D8, 3B, FB, 07] .text C:\Users\Karol\Downloads\FRST64.exe[7600] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb3bd81782 4 bytes [D8, 3B, FB, 07] .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 
000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text 
C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\SYSTEM32\notepad.exe[8704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 
000007fbbeb80300 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 
5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\SYSTEM32\notepad.exe[9112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb3e9b2c50 5 bytes JMP 000007fbbeb80450 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fb3e9b2ca0 5 bytes JMP 000007fbbeb80440 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb3e9b2e00 5 bytes JMP 000007fbbeb80360 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb3e9b2e50 5 bytes JMP 000007fbbeb80460 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb3e9b2e60 5 bytes JMP 000007fbbeb803d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fb3e9b2f10 5 bytes JMP 000007fbbeb80310 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb3e9b2f40 5 bytes JMP 000007fbbeb803a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb3e9b2f60 5 bytes JMP 000007fbbeb80380 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb3e9b2fa0 5 bytes JMP 000007fbbeb802d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb3e9b3020 5 bytes JMP 000007fbbeb802c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fb3e9b3040 5 bytes JMP 000007fbbeb80300 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fb3e9b3080 5 bytes JMP 000007fbbeb803b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb3e9b30d0 5 bytes JMP 000007fbbeb803e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb3e9b3241 5 bytes JMP 000007fbbeb80220 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb3e9b3431 5 bytes JMP 000007fbbeb80470 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb3e9b3461 5 bytes JMP 000007fbbeb80390 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb3e9b3571 5 bytes JMP 000007fbbeb802e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb3e9b3591 5 bytes JMP 000007fbbeb80340 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb3e9b3601 5 bytes JMP 000007fbbeb80280 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb3e9b3691 5 bytes JMP 000007fbbeb802a0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb3e9b36b1 5 bytes JMP 000007fbbeb803c0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb3e9b36c1 5 bytes JMP 000007fbbeb80320 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb3e9b3761 5 bytes JMP 000007fbbeb80400 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb3e9b3791 
5 bytes JMP 000007fbbeb80230 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb3e9b3aa1 5 bytes JMP 000007fbbeb801d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb3e9b3b61 5 bytes JMP 000007fbbeb80240 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb3e9b3b91 5 bytes JMP 000007fbbeb80480 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb3e9b3ba1 5 bytes JMP 000007fbbeb80490 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb3e9b3bd1 5 bytes JMP 000007fbbeb802f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb3e9b3be1 5 bytes JMP 000007fbbeb80350 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb3e9b3c41 5 bytes JMP 000007fbbeb80290 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb3e9b3c91 5 bytes JMP 000007fbbeb802b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb3e9b3cc1 5 bytes JMP 000007fbbeb80370 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb3e9b3cd1 5 bytes JMP 000007fbbeb80330 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb3e9b3fe1 5 bytes JMP 000007fbbeb80430 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb3e9b41e1 5 bytes JMP 000007fbbeb80250 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb3e9b41f1 5 bytes JMP 000007fbbeb80260 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb3e9b4211 5 bytes JMP 000007fbbeb803f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] 
C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb3e9b43f1 5 bytes JMP 000007fbbeb801e0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb3e9b4401 5 bytes JMP 000007fbbeb80200 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb3e9b4471 5 bytes JMP 000007fbbeb801f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb3e9b44e1 5 bytes JMP 000007fbbeb80410 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb3e9b44f1 5 bytes JMP 000007fbbeb80420 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb3e9b4501 5 bytes JMP 000007fbbeb80210 .text C:\WINDOWS\SYSTEM32\notepad.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fb3e9b4611 5 bytes JMP 000007fbbeb80270 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [656:680] fffff960009a45e8
---- Processes - GMER 2.1 ---- Process C:\ProgramData\UWdMU\WdMan.exe (*** suspicious ***) @ C:\ProgramData\UWdMU\WdMan.exe [2688] (TFuns/TFuns LIMITED)(2015-12-09 08:00:58) 0000000000930000 Library
C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [1548] 0000000003950000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [1548] 0000000067060000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [1548] 0000000072220000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [1548] 000000005ed80000 Process C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (FILE NOT FOUND) 0000000000ba0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\PYTHON27.DLL (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (Python Core/Python Software Foundation)(2015-10-02 07:02:44) 000000001e000000 Library c:\users\karol\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyhttiw.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200](2015-12-10 08:30:55) 0000000072340000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000005a830000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (ICU I18N DLL/The ICU Project)(2015-07-31 06:54:12) 000000004a900000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ 
C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (ICU Common DLL/The ICU Project)(2015-07-31 06:54:12) 0000000005d50000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (ICU Data DLL/The ICU Project)(2015-07-31 06:54:12) 0000000058f70000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000005b510000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b060000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005aec0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057cb0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057a60000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000577f0000 Library 
C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5WebChannel.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-31 06:54:12) 0000000057710000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000576e0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000575b0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057120000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000570d0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 0000000056dd0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\plugins\imageformats\qgif.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-10-02 07:02:44) 0000000063960000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** 
suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 0000000056d90000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200](2015-08-13 06:54:09) 0000000055d60000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200](2015-03-04 21:45:30) 0000000055c90000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200](2015-08-13 06:54:09) 0000000053ab0000 Library C:\Users\Karol\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Karol\AppData\Roaming\Dropbox\bin\Dropbox.exe [5200](2015-08-13 06:54:09) 0000000053aa0000 Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_1.8.0.111_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [6896] (Microsoft Skype/Microsoft Corporation)(2013-07-24 06:43:53) 000000000f630000 Library X:\PolkaSQL\bin\Polka70s.exe (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000400000 Library X:\PolkaSQL\bin\sar240.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000250000 Library X:\PolkaSQL\bin\txdb130.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000020000 Library X:\PolkaSQL\bin\pldbsa30.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000280000 Library X:\PolkaSQL\bin\rs163210.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 00000000002b0000 Library X:\PolkaSQL\bin\fkfm160.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 00000000002d0000 Library X:\PolkaSQL\bin\ffsq240.dll (*** 
suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 00000000002e0000 Library X:\PolkaSQL\bin\expl1301.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000300000 Library X:\PolkaSQL\bin\expl170.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000320000 Library X:\PolkaSQL\bin\expl190.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000340000 Library X:\PolkaSQL\bin\db2t130.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000370000 Library X:\PolkaSQL\bin\t2db130.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000390000 Library X:\PolkaSQL\bin\ODLAxis.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 00000000003a0000 Library X:\PolkaSQL\bin\InitODBC.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 00000000003c0000 Library X:\PolkaSQL\bin\PKZIPDLL.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000a80000 Library X:\PolkaSQL\bin\pldb3212.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000ac0000 Library X:\PolkaSQL\bin\ffsq130.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000c20000 Library X:\PolkaSQL\bin\pldbfx17.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000c30000 Library X:\PolkaSQL\bin\ffsq181.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000c50000 Library X:\PolkaSQL\bin\ffsq191.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000000ce0000 Library X:\PolkaSQL\bin\PSTR190.DLL (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000006a20000 Library X:\PolkaSQL\bin\PDWX190_1024.DLL (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000006f70000 Library X:\PolkaSQL\bin\PLMNS190.DLL (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 000000000ce10000 Library X:\PolkaSQL\bin\PUPS30P.dll (*** suspicious ***) @ X:\PolkaSQL\bin\Polka70s.exe [3292] 0000000007d80000 Library 
C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] 00000000049d0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] 0000000067060000 Library C:\Users\Karol\AppData\Local\assembly\dl3\51X5BCBB.XOD\CQ486R54.TL2\6284eb26\00947add_5ca8d001\WinZipExpressForOffice.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] (FILE NOT FOUND) 0000000008a70000 Library C:\Users\Karol\AppData\Local\assembly\dl3\51X5BCBB.XOD\CQ486R54.TL2\4ba2a7a1\00947add_5ca8d001\AddinExpress.MSO.2005.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] (FILE NOT FOUND) 0000000016700000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] 0000000050090000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] 0000000077dd0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [9092] 00000000620b0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----