GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-09-02 12:53:44 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB Running: m57g1hli.exe; Driver: C:\Users\DIFFER~1\AppData\Local\Temp\fxryrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000147e00 7 bytes [00, 23, 80, 01, 00, 1B, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff96000147e08 7 bytes [01, 7C, BF, FF, 00, 8E, DA] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\lsass.exe[764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\svchost.exe[868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[364] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\System32\svchost.exe[1104] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[1584] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2532] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3040] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\svchost.exe[3516] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\System32\svchost.exe[4084] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\SearchIndexer.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\dwm.exe[7644] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\taskhostex.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\Explorer.EXE[6828] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[496] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files\Apoint2K\HidFind.exe[2992] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Windows\System32\rundll32.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4368] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[6176] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[8152] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc5bee2bc0 5 bytes JMP 000007fcdc0b0460 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fc5bee2c10 5 bytes JMP 000007fcdc0b0450 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc5bee2d70 5 bytes JMP 000007fcdc0b0370 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc5bee2dc0 5 bytes JMP 000007fcdc0b0470 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc5bee2dd0 5 bytes JMP 000007fcdc0b03e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fc5bee2e80 5 bytes JMP 000007fcdc0b0320 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc5bee2eb0 5 bytes JMP 000007fcdc0b03b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc5bee2ed0 5 bytes JMP 000007fcdc0b0390 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc5bee2f10 5 bytes JMP 000007fcdc0b02e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc5bee2f90 5 bytes JMP 000007fcdc0b02d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fc5bee2fb0 5 bytes JMP 000007fcdc0b0310 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fc5bee2ff0 5 bytes JMP 000007fcdc0b03c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc5bee3040 5 bytes JMP 000007fcdc0b03f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc5bee31b1 5 bytes JMP 000007fcdc0b0230 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc5bee33a1 5 bytes JMP 000007fcdc0b0480 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc5bee33d1 5 bytes JMP 000007fcdc0b03a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc5bee34e1 5 bytes JMP 000007fcdc0b02f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc5bee3501 5 bytes JMP 000007fcdc0b0350 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc5bee3571 5 bytes JMP 000007fcdc0b0290 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc5bee3601 5 bytes JMP 000007fcdc0b02b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc5bee3621 5 bytes JMP 000007fcdc0b03d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc5bee3631 5 bytes JMP 000007fcdc0b0330 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc5bee36d1 5 bytes JMP 000007fcdc0b0410 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc5bee3701 5 bytes JMP 000007fcdc0b0240 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc5bee3a11 5 bytes JMP 000007fcdc0b01e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc5bee3ad1 5 bytes JMP 000007fcdc0b0250 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc5bee3b01 5 bytes JMP 000007fcdc0b0490 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc5bee3b11 5 bytes JMP 000007fcdc0b04a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc5bee3b41 5 bytes JMP 000007fcdc0b0300 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc5bee3b51 5 bytes JMP 000007fcdc0b0360 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc5bee3bb1 5 bytes JMP 000007fcdc0b02a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc5bee3c01 5 bytes JMP 000007fcdc0b02c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fc5bee3c31 5 bytes JMP 000007fcdc0b0380 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc5bee3c41 5 bytes JMP 000007fcdc0b0340 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc5bee3f51 5 bytes JMP 000007fcdc0b0440 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc5bee4151 5 bytes JMP 000007fcdc0b0260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc5bee4161 5 bytes JMP 000007fcdc0b0270 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc5bee4181 5 bytes JMP 000007fcdc0b0400 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc5bee4361 5 bytes JMP 000007fcdc0b01f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc5bee4371 5 bytes JMP 000007fcdc0b0210 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc5bee43e1 5 bytes JMP 000007fcdc0b0200 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc5bee4451 5 bytes JMP 000007fcdc0b0420 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc5bee4461 5 bytes JMP 000007fcdc0b0430 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc5bee4471 5 bytes JMP 000007fcdc0b0220 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fc5bee4581 5 bytes JMP 000007fcdc0b0280 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe[12632] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[9544] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc592cf817 1 byte [62] ---- Threads - GMER 2.1 ---- Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1600] 0000000077225087 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2016] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2004] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1964] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1960] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2024] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2044] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2012] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2032] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2008] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2028] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1296] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1544] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:1440] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2164] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2168] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2196] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2288] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2292] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2300] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2340] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2352] 0000000077225087 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2356] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:2464] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:4996] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:13512] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:11648] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:10868] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:8348] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:12540] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:11924] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:11836] 0000000072f229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ELISOFT\MSSQL\Binn\sqlservr.exe [1996:5956] 0000000072f229e1 Thread C:\WINDOWS\system32\csrss.exe [8036:7420] fffff960008205e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----