GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2015-01-15 17:33:35 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000022 ST500LM012_HN-M500MBB rev.2AR10002 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Jakub\AppData\Local\Temp\kxldypog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\smss.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\csrss.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\wininit.exe[636] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\csrss.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\winlogon.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\lsass.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\dwm.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\svchost.exe[480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\igfxCUIService.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\svchost.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\Hpservice.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\spoolsv.exe[1864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[1892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files\Bonjour\mDNSResponder.exe[1092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\dashost.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[2828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\svchost.exe[3016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\svchost.exe[3176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3416] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\atieclxx.exe[3580] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\DllHost.exe[4060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\taskhostex.exe[2932] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\Explorer.EXE[2924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\igfxEM.exe[3724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\igfxHK.exe[1528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\igfxTray.exe[4024] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Windows\System32\RuntimeBroker.exe[4432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe[6120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe[6120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe[6120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe[6120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\system32\conhost.exe[6128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe[3740] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe[3740] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe[3740] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe[3740] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\WINDOWS\System32\Taskmgr.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce20218f0 16 bytes [50, 48, B8, 18, 35, EB, C9, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5580] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 5 bytes JMP 00007ffd62150370 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffce2021920 5 bytes JMP 00007ffd62150470 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 5 bytes JMP 00007ffd62150380 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffce20227c0 5 bytes JMP 00007ffd62150340 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Windows\System32\skydrive.exe[5988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffce2021720 5 bytes JMP 00007ffd62150460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffce2021770 5 bytes JMP 00007ffd62150450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes JMP 00007ffd62150370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 21 bytes {PUSH RAX; MOV RAX, 0x7ff7ca68e518; MOV [RSP], RAX; RET ; JMP 0xffffffff8012eb60} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffce2021930 5 bytes JMP 00007ffd621503e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffce20219e0 5 bytes JMP 00007ffd62150320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce2021a10 5 bytes JMP 00007ffd621503b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffce2021a30 5 bytes JMP 00007ffd62150390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffce2021a70 5 bytes JMP 00007ffd621502e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffce2021af0 5 bytes JMP 00007ffd621502d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffce2021b10 5 bytes JMP 00007ffd62150310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffce2021b50 5 bytes JMP 00007ffd621503c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffce2021ba0 5 bytes JMP 00007ffd621503f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffce2021d00 5 bytes JMP 00007ffd62150230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffce2021ef0 1 byte JMP 00007ffd62150480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffce2021ef2 3 bytes {JMP 0xffffffff8012e590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffce2021f20 5 bytes JMP 00007ffd621503a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffce2022040 5 bytes JMP 00007ffd621502f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffce2022060 5 bytes JMP 00007ffd62150350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffce20220d0 5 bytes JMP 00007ffd62150290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffce2022160 5 bytes JMP 00007ffd621502b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce2022180 5 bytes JMP 00007ffd621503d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffce2022190 5 bytes JMP 00007ffd62150330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffce2022240 5 bytes JMP 00007ffd62150410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffce2022270 5 bytes JMP 00007ffd62150240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffce2022590 5 bytes JMP 00007ffd621501e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffce2022650 5 bytes JMP 00007ffd62150250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffce2022680 5 bytes JMP 00007ffd62150490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffce2022690 5 bytes JMP 00007ffd621504a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffce20226c0 5 bytes JMP 00007ffd62150300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffce20226d0 1 byte JMP 00007ffd62150360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffce20226d2 3 bytes {JMP 0xffffffff8012dc90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffce2022730 5 bytes JMP 00007ffd621502a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffce2022780 5 bytes JMP 00007ffd621502c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 21 bytes JMP 00007ffd62150380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffce2022ad0 5 bytes JMP 00007ffd62150440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffce2022cd0 1 byte JMP 00007ffd62150260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffce2022cd2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffce2022ce0 1 byte JMP 00007ffd62150270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffce2022ce2 3 bytes {JMP 0xffffffff8012d590} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce2022d00 5 bytes JMP 00007ffd62150400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffce2022ee0 5 bytes JMP 00007ffd621501f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffce2022ef0 5 bytes JMP 00007ffd62150210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffce2022f80 5 bytes JMP 00007ffd62150200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffce2022ff0 5 bytes JMP 00007ffd62150420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffce2023000 5 bytes JMP 00007ffd62150430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffce2023010 5 bytes JMP 00007ffd62150220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffce2023120 2 bytes JMP 00007ffd62150280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl + 3 00007ffce2023123 2 bytes [12, 80] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffce1fa4144 5 bytes JMP 00007ffd621403a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffce1fb1838 5 bytes JMP 00007ffd6214075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce2021740 16 bytes [50, 48, B8, F4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffce20218b0 16 bytes [50, 48, B8, 4C, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffce20218d0 48 bytes [50, 48, B8, C8, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffce2021910 16 bytes [50, 48, B8, 18, E5, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffce2021960 32 bytes [50, 48, B8, 70, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffce20219a0 16 bytes [50, 48, B8, 58, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffce2021a40 16 bytes [50, 48, B8, A0, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffce2021bc0 16 bytes [50, 48, B8, 1C, E2, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffce2022760 16 bytes [50, 48, B8, EC, E3, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffce20227b0 16 bytes [50, 48, B8, 28, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffce2022900 16 bytes [50, 48, B8, B4, E4, 68, CA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcdfe3169a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcdfe316a2 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcdfe3181a 4 bytes [E3, DF, FC, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcdfe31832 4 bytes [E3, DF, FC, 7F] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffcc36a1fdc] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffcc36a1fdc] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] @ C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll[GDI32.dll!GetFontData] [7ffcc2f36e9c] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5140] @ C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7ffd21780030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffcc36a1fdc] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2372] @ C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll[GDI32.dll!GetFontData] [7ffcc2f36e9c] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3632] @ C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll[GDI32.dll!GetFontData] [7ffcc2f36e9c] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffcc36a1fdc] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] @ C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll[GDI32.dll!GetFontData] [7ffcc2f36e9c] C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [644:668] fffff96000930b90 Thread C:\WINDOWS\system32\csrss.exe [644:680] fffff96000930b90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----