GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-25 00:52:39 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 Hitachi_HTS545050A7E380 rev.GG2OA7B0 465,76GB Running: q1ysdf27.exe; Driver: C:\Users\Jerzy\AppData\Local\Temp\uxloypow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\csrss.exe[556] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\winlogon.exe[748] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\services.exe[792] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\lsass.exe[800] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[964] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f95b8a177a 4 bytes [8A, 5B, F9, 07] .text C:\WINDOWS\system32\atiesrxx.exe[268] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f95b8a1782 4 bytes [8A, 5B, F9, 07] .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\System32\svchost.exe[376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\dwm.exe[560] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f95b8a177a 4 bytes [8A, 5B, F9, 07] .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f95b8a1782 4 bytes [8A, 5B, F9, 07] .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f9564a1b32 4 bytes [4A, 56, F9, 07] .text C:\WINDOWS\system32\atieclxx.exe[1140] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f9564a1b3a 4 bytes [4A, 56, F9, 07] .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\System32\svchost.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\System32\spoolsv.exe[1732] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\Explorer.EXE[1740] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\taskhostex.exe[1868] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2228] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[2464] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\svchost.exe[2952] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\WINDOWS\system32\SearchIndexer.exe[3004] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f957801532 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f95780153a 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f95780165a 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f9564a1b32 4 bytes [4A, 56, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1792] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f9564a1b3a 4 bytes [4A, 56, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f957801532 4 bytes [80, 57, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f95780153a 4 bytes [80, 57, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f95780165a 4 bytes [80, 57, F9, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f95b8a177a 4 bytes [8A, 5B, F9, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f95b8a1782 4 bytes [8A, 5B, F9, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3376] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1552] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f95b8a177a 4 bytes [8A, 5B, F9, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f95b8a1782 4 bytes [8A, 5B, F9, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3908] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f957801532 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f95780153a 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f95780165a 4 bytes [80, 57, F9, 07] .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4956] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f957801532 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f95780153a 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f95780165a 4 bytes [80, 57, F9, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[5020] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f95b8a177a 4 bytes [8A, 5B, F9, 07] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f95b8a1782 4 bytes [8A, 5B, F9, 07] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5076] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4024] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4024] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4024] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4024] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4024] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Windows\System32\RuntimeBroker.exe[4580] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[1232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f95cb62d60 5 bytes JMP 000007f95cd20b14 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f95cb62dc0 5 bytes JMP 000007f95cd20ecc .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f95cd2163c .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f95cb630e0 5 bytes JMP 000007f95cd21284 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f95cd219f4 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f95cb74a10 5 bytes JMP 000007f95cd2075c .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f95cb931c4 5 bytes JMP 000007f95cd203a4 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f95b91f7eb 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f95ca67510 5 bytes JMP 000007f9dcab0b14 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f95ca67550 5 bytes JMP 000007f9dcab19f4 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f95ca675d0 5 bytes JMP 000007f9dcab075c .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f95ca67b20 5 bytes JMP 000007f9dcab1284 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f95ca8b034 5 bytes JMP 000007f9dcab03a4 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f95ca8b2e4 5 bytes JMP 000007f9dcab163c .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f95ca8b470 5 bytes JMP 000007f9dcab0ecc .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f95ca8b6d4 5 bytes JMP 000007f9dcab1dac .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f95ba52120 5 bytes JMP 000007f9dbba1284 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f95ba5bee0 5 bytes JMP 000007f9dbba0ecc .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f95ba5e030 5 bytes JMP 000007f9dbba075c .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f95ba62f70 5 bytes JMP 000007f9dbba03a4 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f95ba81850 5 bytes JMP 000007f9dbba0b14 .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f957801532 4 bytes [80, 57, F9, 07] .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f95780153a 4 bytes [80, 57, F9, 07] .text C:\Program Files\Sony\VAIO Care\VCAdmin.exe[860] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f95780165a 4 bytes [80, 57, F9, 07] .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f95cb62c90 5 bytes JMP 000007f9dcd30460 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f95cb62ce0 5 bytes JMP 000007f9dcd30450 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f95cb62e40 5 bytes JMP 000007f9dcd30370 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f95cb62e90 5 bytes JMP 000007f9dcd30470 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f95cb62ea0 5 bytes JMP 000007f9dcd303e0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f95cb62f50 5 bytes JMP 000007f9dcd30320 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f95cb62f80 5 bytes JMP 000007f9dcd303b0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f95cb62fa0 5 bytes JMP 000007f9dcd30390 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f95cb62fe0 5 bytes JMP 000007f9dcd302e0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f95cb63060 5 bytes JMP 000007f9dcd302d0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f95cb63080 1 byte JMP 000007f9dcd30310 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f95cb63082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f95cb630c0 5 bytes JMP 000007f9dcd303c0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f95cb63110 5 bytes JMP 000007f9dcd303f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f95cb63281 5 bytes JMP 000007f9dcd30230 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f95cb63471 5 bytes JMP 000007f9dcd30480 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f95cb634a1 5 bytes JMP 000007f9dcd303a0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f95cb635b1 5 bytes JMP 000007f9dcd302f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f95cb635d1 5 bytes JMP 000007f9dcd30350 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f95cb63641 5 bytes JMP 000007f9dcd30290 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f95cb636d1 5 bytes JMP 000007f9dcd302b0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f95cb636f1 5 bytes JMP 000007f9dcd303d0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f95cb63701 5 bytes JMP 000007f9dcd30330 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f95cb637a1 5 bytes JMP 000007f9dcd30410 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f95cb637d1 5 bytes JMP 000007f9dcd30240 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f95cb63ae1 5 bytes JMP 000007f9dcd301e0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f95cb63ba1 5 bytes JMP 000007f9dcd30250 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f95cb63bd1 5 bytes JMP 000007f9dcd30490 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f95cb63be1 5 bytes JMP 000007f9dcd304a0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f95cb63c11 5 bytes JMP 000007f9dcd30300 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f95cb63c21 5 bytes JMP 000007f9dcd30360 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f95cb63c81 5 bytes JMP 000007f9dcd302a0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f95cb63cd1 5 bytes JMP 000007f9dcd302c0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f95cb63d01 5 bytes JMP 000007f9dcd30380 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f95cb63d11 5 bytes JMP 000007f9dcd30340 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f95cb64021 5 bytes JMP 000007f9dcd30440 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f95cb64221 5 bytes JMP 000007f9dcd30260 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f95cb64231 5 bytes JMP 000007f9dcd30270 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f95cb64251 5 bytes JMP 000007f9dcd30400 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f95cb64431 5 bytes JMP 000007f9dcd301f0 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f95cb64441 5 bytes JMP 000007f9dcd30210 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f95cb644b1 5 bytes JMP 000007f9dcd30200 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f95cb64521 5 bytes JMP 000007f9dcd30420 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f95cb64531 5 bytes JMP 000007f9dcd30430 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f95cb64541 5 bytes JMP 000007f9dcd30220 .text C:\WINDOWS\system32\AUDIODG.EXE[2684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f95cb64651 5 bytes JMP 000007f9dcd30280 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [704:1584] fffff9600082e5e8 Thread C:\WINDOWS\system32\wwahost.exe [3292:3940] 000007f94d3eb300 Thread C:\WINDOWS\system32\wwahost.exe [3292:4068] 000007f94d37d540 Thread C:\WINDOWS\system32\wwahost.exe [3292:4208] 000007f94d37d540 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----