GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-07-25 18:05:29 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000046 HGST_HTS541075A9E680 rev.JA2OA560 698,64GB Running: ij9xjozf.exe; Driver: C:\Users\EXHALA~1\AppData\Local\Temp\pxlorpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000139e00 7 bytes [00, 91, 1C, 01, 00, D6, 9D] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000139e08 7 bytes [01, 0F, E4, FF, 00, 5F, E8] ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\smss.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fd9185ab4f 1 byte [62] .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\wininit.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fd9185ab4f 1 byte [62] .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\winlogon.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\nvvsvc.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\dwm.exe[304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd91d2177a 4 bytes [D2, 91, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd91d21782 4 bytes [D2, 91, FD, 07] .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\conhost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\dashost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Elantech\ETDService.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd91d2177a 4 bytes [D2, 91, FD, 07] .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd91d21782 4 bytes [D2, 91, FD, 07] .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\wbem\wmiprvse.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fd9185ab4f 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[2916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\taskeng.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\Explorer.EXE[3004] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fd9185ab4f 1 byte [62] .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\taskhostex.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\AUDIODG.EXE[3500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[3192] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\WUDFHost.exe[4276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\igfxtray.exe[4996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\hkcmd.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\System32\igfxpers.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\taskmgr.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd8cff1532 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd8cff153a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4476] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd8cff165a 4 bytes [FF, 8C, FD, 07] .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\wbem\unsecapp.exe[4660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\system32\PsApi.dll!GetProcessImageFileNameA + 306 000007fd91d2177a 4 bytes [D2, 91, FD, 07] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1624] C:\Windows\system32\PsApi.dll!GetProcessImageFileNameA + 314 000007fd91d21782 4 bytes [D2, 91, FD, 07] .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fd9185ab4f 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\system32\PsApi.dll!GetProcessImageFileNameA + 306 000007fd91d2177a 4 bytes [D2, 91, FD, 07] .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[4120] C:\Windows\system32\PsApi.dll!GetProcessImageFileNameA + 314 000007fd91d21782 4 bytes [D2, 91, FD, 07] .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd91d2177a 4 bytes [D2, 91, FD, 07] .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd91d21782 4 bytes [D2, 91, FD, 07] .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fd91f02c50 5 bytes JMP 000007fe120d0460 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fd91f02ca0 5 bytes JMP 000007fe120d0450 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fd91f02e00 5 bytes JMP 000007fe120d0370 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fd91f02e50 5 bytes JMP 000007fe120d0470 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fd91f02e60 5 bytes JMP 000007fe120d03e0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fd91f02f10 5 bytes JMP 000007fe120d0320 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fd91f02f40 5 bytes JMP 000007fe120d03b0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fd91f02f60 5 bytes JMP 000007fe120d0390 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fd91f02fa0 5 bytes JMP 000007fe120d02e0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fd91f03020 5 bytes JMP 000007fe120d02d0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fd91f03040 5 bytes JMP 000007fe120d0310 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fd91f03080 5 bytes JMP 000007fe120d03c0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fd91f030d0 5 bytes JMP 000007fe120d03f0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fd91f03241 5 bytes JMP 000007fe120d0230 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fd91f03431 5 bytes JMP 000007fe120d0480 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fd91f03461 5 bytes JMP 000007fe120d03a0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fd91f03571 5 bytes JMP 000007fe120d02f0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fd91f03591 5 bytes JMP 000007fe120d0350 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fd91f03601 5 bytes JMP 000007fe120d0290 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fd91f03691 5 bytes JMP 000007fe120d02b0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fd91f036b1 5 bytes JMP 000007fe120d03d0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fd91f036c1 5 bytes JMP 000007fe120d0330 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fd91f03761 5 bytes JMP 000007fe120d0410 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fd91f03791 5 bytes JMP 000007fe120d0240 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fd91f03aa1 5 bytes JMP 000007fe120d01e0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fd91f03b61 5 bytes JMP 000007fe120d0250 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fd91f03b91 5 bytes JMP 000007fe120d0490 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fd91f03ba1 5 bytes JMP 000007fe120d04a0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fd91f03bd1 5 bytes JMP 000007fe120d0300 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fd91f03be1 5 bytes JMP 000007fe120d0360 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fd91f03c41 5 bytes JMP 000007fe120d02a0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fd91f03c91 5 bytes JMP 000007fe120d02c0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fd91f03cc1 5 bytes JMP 000007fe120d0380 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fd91f03cd1 5 bytes JMP 000007fe120d0340 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fd91f03fe1 5 bytes JMP 000007fe120d0440 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fd91f041e1 5 bytes JMP 000007fe120d0260 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fd91f041f1 5 bytes JMP 000007fe120d0270 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fd91f04211 5 bytes JMP 000007fe120d0400 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fd91f043f1 5 bytes JMP 000007fe120d01f0 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fd91f04401 5 bytes JMP 000007fe120d0210 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fd91f04471 5 bytes JMP 000007fe120d0200 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fd91f044e1 5 bytes JMP 000007fe120d0420 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fd91f044f1 5 bytes JMP 000007fe120d0430 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fd91f04501 5 bytes JMP 000007fe120d0220 .text C:\Windows\system32\conhost.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fd91f04611 5 bytes JMP 000007fe120d0280 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeClearEvent] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ExFreePoolWithTag] [f703e9c188888889] [unknown section] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoGetAttachedDevice] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!_wcsnicmp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeSetEvent] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlCheckRegistryKey] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ZwPowerInformation] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInitializeDpc] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeReleaseSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInitializeTimer] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoCancelIrp] [ff3302eb0000006f] [unknown section] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoSetPowerState] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoForwardIrpSynchronously] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!_vsnwprintf] [f49e29000000f89e] [unknown section] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoDisableSleepStates] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlQueryRegistryValuesEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlCheckPortableOperatingSystem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoGetDeviceProperty] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!DbgPrint] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInitializeSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlSetPortableOperatingSystem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeAcquireSpinLockRaiseToDpc] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoReuseIrp] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeSetCoalescableTimer] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KfRaiseIrql] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeLeaveGuardedRegion] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeLowerIrql] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeEnterGuardedRegion] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeCancelTimer] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeRemoveQueue] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoQueueWorkItemEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!PsCreateSystemThread] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInitializeQueue] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoInitializeWorkItem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!ObfDereferenceObject] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoSizeofWorkItem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoTryQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!KeInsertQueue] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmIsDriverVerifying] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!DbgPrintEx] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!EtwRegister] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\a1rec1jq.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\a1rec1jq \Device\Scsi\a1rec1jq1Port1Path0Target0Lun0 fffffa80073eb2c0 Device \Driver\a1rec1jq \Device\Scsi\a1rec1jq1 fffffa80073eb2c0 Device \FileSystem\Ntfs \Ntfs fffffa80072792c0 Device \FileSystem\fastfat \Fat fffffa80073a62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4190F66C-228F-4B2B-970E-EFF61C924BE0} fffffa800726d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{32D29C4D-F67C-4ADB-8F1F-8A3BA77C9EEA} fffffa800726d2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80073ed2c0 Device \Driver\USBSTOR \Device\00000070 fffffa800d7f22c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa800727b2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800726b2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800726b2c0 Device \Driver\cdrom \Device\CdRom2 fffffa800726b2c0 Device \Driver\USBSTOR \Device\0000006f fffffa800d7f22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{56566CFD-AF97-4679-B6BC-6B95639BEA51} fffffa800726d2c0 Device \Driver\iaStorA \Device\00000045 fffffa800727b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CF1C5BE4-21A1-4CB0-97ED-377B9E54F64D} fffffa800726d2c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa80073ed2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800726f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{45EAB9F1-AAB7-4A3E-A763-5AB08C870B7C} fffffa800726d2c0 Device \Driver\iaStorA \Device\00000046 fffffa800727b2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80073ed2c0 Device \FileSystem\4598F85ACBA61D4E \Device\4598F85ACBA61D4E fffff88008605008 Device \Driver\NetBT \Device\NetBT_Tcpip_{3328D6D8-8364-46B6-BE66-86CA9E721D1C} fffffa800726d2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800726d2c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa80073ed2c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa800727b2c0 Device \Driver\a1rec1jq \Device\ScsiPort1 fffffa80073eb2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B5AF92E7-FDA3-4EDD-9482-BE514683841B} fffffa800726d2c0 Device \Driver\dtsoftbus01 \Device\0000004a fffffa800726f2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800727b2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa800727b2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80089ef060] fffffa80089ef060 Trace 3 CLASSPNP.SYS[fffff88000e028aa] -> nt!IofCallDriver -> [0xfffffa8007c064a0] fffffa8007c064a0 Trace 5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\00000046[0xfffffa8007c06780] fffffa8007c06780 Trace \Driver\iaStorA[0xfffffa8007c0c940] -> IRP_MJ_CREATE -> 0xfffffa800727b2c0 fffffa800727b2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a1rec1jq.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2012-07-26 02:27:04) fffff880085a1000-fffff880085f2000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [644:660] fffff960009325e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----