GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-11 12:16:57 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: v5cdjk4o.exe; Driver: C:\Users\Aga\AppData\Local\Temp\fxtoapog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 988 fffff8024426a3dc 1 byte [31] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\smss.exe[356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\csrss.exe[496] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\wininit.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\svchost.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f84d03177a 4 bytes [03, 4D, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f84d031782 4 bytes [03, 4D, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1228] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\conhost.exe[1244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\spoolsv.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[1880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\CxAudMsg64.exe[1276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Elantech\ETDService.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\dashost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f84d03177a 4 bytes [03, 4D, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f84d031782 4 bytes [03, 4D, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f843b51b32 4 bytes [B5, 43, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f843b51b3a 4 bytes [B5, 43, F8, 07] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f84d03177a 4 bytes [03, 4D, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f84d031782 4 bytes [03, 4D, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[2448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f84d03177a 4 bytes [03, 4D, F8, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2548] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f84d031782 4 bytes [03, 4D, F8, 07] .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\svchost.exe[2840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\SearchIndexer.exe[2864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Windows\System32\WUDFHost.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f84d03177a 4 bytes [03, 4D, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f84d031782 4 bytes [03, 4D, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\AUDIODG.EXE[4680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\csrss.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\WinLogon.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\System32\dwm.exe[4168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f843b51b32 4 bytes [B5, 43, F8, 07] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4724] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f843b51b3a 4 bytes [B5, 43, F8, 07] .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\taskeng.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\system32\taskhostex.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\WINDOWS\Explorer.EXE[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[612] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f84f0e2c90 5 bytes JMP 000007f8cf2b0460 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f84f0e2ce0 5 bytes JMP 000007f8cf2b0450 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f84f0e2e40 5 bytes JMP 000007f8cf2b0370 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f84f0e2e90 5 bytes JMP 000007f8cf2b0470 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f84f0e2ea0 5 bytes JMP 000007f8cf2b03e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f84f0e2f50 5 bytes JMP 000007f8cf2b0320 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f84f0e2f80 5 bytes JMP 000007f8cf2b03b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f84f0e2fa0 5 bytes JMP 000007f8cf2b0390 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f84f0e2fe0 5 bytes JMP 000007f8cf2b02e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f84f0e3060 5 bytes JMP 000007f8cf2b02d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f84f0e3080 1 byte JMP 000007f8cf2b0310 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f84f0e3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f84f0e30c0 5 bytes JMP 000007f8cf2b03c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f84f0e3110 5 bytes JMP 000007f8cf2b03f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f84f0e3281 5 bytes JMP 000007f8cf2b0230 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f84f0e3471 5 bytes JMP 000007f8cf2b0480 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f84f0e34a1 5 bytes JMP 000007f8cf2b03a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f84f0e35b1 5 bytes JMP 000007f8cf2b02f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f84f0e35d1 5 bytes JMP 000007f8cf2b0350 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f84f0e3641 5 bytes JMP 000007f8cf2b0290 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f84f0e36d1 5 bytes JMP 000007f8cf2b02b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f84f0e36f1 5 bytes JMP 000007f8cf2b03d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f84f0e3701 5 bytes JMP 000007f8cf2b0330 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f84f0e37a1 5 bytes JMP 000007f8cf2b0410 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f84f0e37d1 5 bytes JMP 000007f8cf2b0240 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f84f0e3ae1 5 bytes JMP 000007f8cf2b01e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f84f0e3ba1 5 bytes JMP 000007f8cf2b0250 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f84f0e3bd1 5 bytes JMP 000007f8cf2b0490 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f84f0e3be1 5 bytes JMP 000007f8cf2b04a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f84f0e3c11 5 bytes JMP 000007f8cf2b0300 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f84f0e3c21 5 bytes JMP 000007f8cf2b0360 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f84f0e3c81 5 bytes JMP 000007f8cf2b02a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f84f0e3cd1 5 bytes JMP 000007f8cf2b02c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f84f0e3d01 5 bytes JMP 000007f8cf2b0380 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f84f0e3d11 5 bytes JMP 000007f8cf2b0340 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f84f0e4021 5 bytes JMP 000007f8cf2b0440 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f84f0e4221 5 bytes JMP 000007f8cf2b0260 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f84f0e4231 5 bytes JMP 000007f8cf2b0270 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f84f0e4251 5 bytes JMP 000007f8cf2b0400 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f84f0e4431 5 bytes JMP 000007f8cf2b01f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f84f0e4441 5 bytes JMP 000007f8cf2b0210 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f84f0e44b1 5 bytes JMP 000007f8cf2b0200 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f84f0e4521 5 bytes JMP 000007f8cf2b0420 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f84f0e4531 5 bytes JMP 000007f8cf2b0430 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f84f0e4541 5 bytes JMP 000007f8cf2b0220 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f84f0e4651 5 bytes JMP 000007f8cf2b0280 .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f846dd1532 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f846dd153a 4 bytes [DD, 46, F8, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[948] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f846dd165a 4 bytes [DD, 46, F8, 07] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\System32\drivers\pci.sys[ntoskrnl.exe!IofCallDriver] [fffff880014f2de4] \SystemRoot\System32\Drivers\sptd.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa8003cb02c0 Device \FileSystem\fastfat \Fat fffffa8003d5d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C4355A80-B496-416B-A330-66D92A0A0F5E} fffffa8003ca02c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8003c9c2c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa8003cb22c0 Device \Driver\cdrom \Device\CdRom0 fffffa8003ca62c0 Device \Driver\iaStorA \Device\00000035 fffffa8003cb22c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8003c9c2c0 Device \Driver\iaStorA \Device\00000036 fffffa8003cb22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{07AE8ED9-1ABF-465D-9789-CF3B967A8F9F} fffffa8003ca02c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8003c9c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B970DA86-D1D9-4AF5-A231-EBAD6D4EA457} fffffa8003ca02c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8003ca02c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8003c9c2c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa8003cb22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{90FA99EC-209D-44EF-B66C-F29590731A9E} fffffa8003ca02c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003cb22c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa8003cb22c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b7b740] fffffa8005b7b740 Trace 3 CLASSPNP.SYS[fffff88000f55e0a] -> nt!IofCallDriver -> \Device\00000035[0xfffffa8004609060] fffffa8004609060 Trace \Driver\iaStorA[0xfffffa800460dc00] -> IRP_MJ_CREATE -> 0xfffffa8003cb22c0 fffffa8003cb22c0 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [4864:3324] fffff960009485e8 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\5WdM5\WdMan.exe (*** suspicious ***) @ C:\ProgramData\5WdM5\WdMan.exe [2512] (TFuns/TFuns LIMITED)(2015-12-09 08:24:14) 0000000000cb0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----