GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-10 21:08:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST1000LM014-1EJ164 rev.LVD1 931,51GB Running: xqj0x0it.exe; Driver: C:\Users\KAROLINA\AppData\Local\Temp\fxryrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\System32\smss.exe[384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\csrss.exe[632] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wininit.exe[732] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\services.exe[824] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\lsass.exe[848] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\nvvsvc.exe[408] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[548] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\System32\svchost.exe[608] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[568] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[1032] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[1284] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\conhost.exe[1396] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\System32\spoolsv.exe[1720] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[1760] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Elantech\ETDService.exe[1272] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fbbea01b32 4 bytes [A0, BE, FB, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1428] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fbbea01b3a 4 bytes [A0, BE, FB, 07] .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\dashost.exe[292] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2056] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\mfevtps.exe[2160] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2672] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[2696] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[2736] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2804] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2832] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\McAfee\MSC\McAPExe.exe[2868] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2888] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3048] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[3524] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\svchost.exe[3556] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3892] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4924] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\SearchIndexer.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\csrss.exe[4980] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\winlogon.exe[5868] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\dwm.exe[5696] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[5184] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\taskhostex.exe[5972] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5968] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\WINDOWS\Explorer.EXE[4356] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5456] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[4216] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5676] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Windows\System32\igfxtray.exe[5728] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\igfxsrvc.exe[5876] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Windows\System32\igfxpers.exe[1772] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1168] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5148] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5148] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5148] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5148] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Windows\System32\rundll32.exe[1292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Windows\RTFTrack.exe[1988] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[4900] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbc2e61532 4 bytes [E6, C2, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbc2e6153a 4 bytes [E6, C2, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbc2e6165a 4 bytes [E6, C2, FB, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6228] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[7148] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\wuauclt.exe[6440] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[4496] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[4496] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fbc663177a 4 bytes [63, C6, FB, 07] .text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[4496] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fbc6631782 4 bytes [63, C6, FB, 07] .text C:\Users\KAROLINA\AppData\Roaming\LookThisUp\LookThisUp.exe[6640] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fbc9242c90 5 bytes JMP 000007fc49410460 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fbc9242ce0 5 bytes JMP 000007fc49410450 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fbc9242e40 5 bytes JMP 000007fc49410370 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fbc9242e90 5 bytes JMP 000007fc49410470 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fbc9242ea0 5 bytes JMP 000007fc494103e0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fbc9242f50 5 bytes JMP 000007fc49410320 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fbc9242f80 5 bytes JMP 000007fc494103b0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fbc9242fa0 5 bytes JMP 000007fc49410390 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fbc9242fe0 5 bytes JMP 000007fc494102e0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fbc9243060 5 bytes JMP 000007fc494102d0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fbc9243080 1 byte JMP 000007fc49410310 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fbc9243082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fbc92430c0 5 bytes JMP 000007fc494103c0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fbc9243110 5 bytes JMP 000007fc494103f0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fbc9243281 5 bytes JMP 000007fc49410230 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fbc9243471 5 bytes JMP 000007fc49410480 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fbc92434a1 5 bytes JMP 000007fc494103a0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fbc92435b1 5 bytes JMP 000007fc494102f0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fbc92435d1 5 bytes JMP 000007fc49410350 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fbc9243641 5 bytes JMP 000007fc49410290 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fbc92436d1 5 bytes JMP 000007fc494102b0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fbc92436f1 5 bytes JMP 000007fc494103d0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fbc9243701 5 bytes JMP 000007fc49410330 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fbc92437a1 5 bytes JMP 000007fc49410410 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fbc92437d1 5 bytes JMP 000007fc49410240 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fbc9243ae1 5 bytes JMP 000007fc494101e0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fbc9243ba1 5 bytes JMP 000007fc49410250 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fbc9243bd1 5 bytes JMP 000007fc49410490 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fbc9243be1 5 bytes JMP 000007fc494104a0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fbc9243c11 5 bytes JMP 000007fc49410300 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fbc9243c21 5 bytes JMP 000007fc49410360 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fbc9243c81 5 bytes JMP 000007fc494102a0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fbc9243cd1 5 bytes JMP 000007fc494102c0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fbc9243d01 5 bytes JMP 000007fc49410380 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fbc9243d11 5 bytes JMP 000007fc49410340 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fbc9244021 5 bytes JMP 000007fc49410440 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fbc9244221 5 bytes JMP 000007fc49410260 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fbc9244231 5 bytes JMP 000007fc49410270 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fbc9244251 5 bytes JMP 000007fc49410400 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fbc9244431 5 bytes JMP 000007fc494101f0 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fbc9244441 5 bytes JMP 000007fc49410210 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fbc92444b1 5 bytes JMP 000007fc49410200 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fbc9244521 5 bytes JMP 000007fc49410420 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fbc9244531 5 bytes JMP 000007fc49410430 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fbc9244541 5 bytes JMP 000007fc49410220 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fbc9244651 5 bytes JMP 000007fc49410280 .text C:\WINDOWS\system32\NOTEPAD.EXE[10908] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fbc85ff7eb 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [4980:2788] fffff960009c05e8 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1484] (WindowsProtectManger Service/Fuyu LIMITED)(2014-07-01 07:47:49) 00000000000f0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----