GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-11 15:07:31 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: pn10jv52.exe; Driver: C:\Users\Aga\AppData\Local\Temp\awtorpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\System32\smss.exe[324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\csrss.exe[476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\winlogon.exe[656] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad775177a 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\system32\atiesrxx.exe[944] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad7751782 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\System32\svchost.exe[976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\dwm.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad775177a 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\system32\atieclxx.exe[1080] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad7751782 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\System32\svchost.exe[1100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad775177a 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad7751782 4 bytes [75, D7, FA, 07] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad775177a 4 bytes [75, D7, FA, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1812] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad7751782 4 bytes [75, D7, FA, 07] .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\CxAudMsg64.exe[1868] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\Elantech\ETDService.exe[1908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Windows\System32\WUDFHost.exe[2404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\svchost.exe[2992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\SearchIndexer.exe[776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2120] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\taskhostex.exe[1448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\Explorer.EXE[1164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[2380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3380] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[3472] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007facd0c1b32 4 bytes [0C, CD, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3160] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007facd0c1b3a 4 bytes [0C, CD, FA, 07] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[3352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Windows\System32\RuntimeBroker.exe[3404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Windows\RTFTrack.exe[3436] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad49f1532 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad49f153a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3484] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad49f165a 4 bytes [9F, D4, FA, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\System32\svchost.exe[436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\dashost.exe[5548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fada382c50 5 bytes JMP 000007fb5a550460 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007fada382ca0 5 bytes JMP 000007fb5a550450 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fada382e00 5 bytes JMP 000007fb5a550370 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fada382e50 5 bytes JMP 000007fb5a550470 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fada382e60 5 bytes JMP 000007fb5a5503e0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007fada382f10 5 bytes JMP 000007fb5a550320 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fada382f40 5 bytes JMP 000007fb5a5503b0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fada382f60 5 bytes JMP 000007fb5a550390 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007fada382fa0 5 bytes JMP 000007fb5a5502e0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007fada383020 5 bytes JMP 000007fb5a5502d0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007fada383040 5 bytes JMP 000007fb5a550310 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007fada383080 5 bytes JMP 000007fb5a5503c0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007fada3830d0 5 bytes JMP 000007fb5a5503f0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fada383241 5 bytes JMP 000007fb5a550230 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fada383431 5 bytes JMP 000007fb5a550480 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fada383461 5 bytes JMP 000007fb5a5503a0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fada383571 5 bytes JMP 000007fb5a5502f0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fada383591 5 bytes JMP 000007fb5a550350 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007fada383601 5 bytes JMP 000007fb5a550290 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fada383691 5 bytes JMP 000007fb5a5502b0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fada3836b1 5 bytes JMP 000007fb5a5503d0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007fada3836c1 5 bytes JMP 000007fb5a550330 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fada383761 5 bytes JMP 000007fb5a550410 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fada383791 5 bytes JMP 000007fb5a550240 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007fada383aa1 5 bytes JMP 000007fb5a5501e0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fada383b61 5 bytes JMP 000007fb5a550250 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fada383b91 5 bytes JMP 000007fb5a550490 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fada383ba1 5 bytes JMP 000007fb5a5504a0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fada383bd1 5 bytes JMP 000007fb5a550300 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fada383be1 5 bytes JMP 000007fb5a550360 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007fada383c41 5 bytes JMP 000007fb5a5502a0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fada383c91 5 bytes JMP 000007fb5a5502c0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fada383cc1 5 bytes JMP 000007fb5a550380 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007fada383cd1 5 bytes JMP 000007fb5a550340 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fada383fe1 5 bytes JMP 000007fb5a550440 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fada3841e1 5 bytes JMP 000007fb5a550260 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fada3841f1 5 bytes JMP 000007fb5a550270 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fada384211 5 bytes JMP 000007fb5a550400 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fada3843f1 5 bytes JMP 000007fb5a5501f0 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fada384401 5 bytes JMP 000007fb5a550210 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fada384471 5 bytes JMP 000007fb5a550200 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fada3844e1 5 bytes JMP 000007fb5a550420 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007fada3844f1 5 bytes JMP 000007fb5a550430 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fada384501 5 bytes JMP 000007fb5a550220 .text C:\WINDOWS\system32\DllHost.exe[5992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007fada384611 5 bytes JMP 000007fb5a550280 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [612:636] fffff960009405e8 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](2 000000006fbc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](2014-10-05 12:02:32) 000000006e940000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](201 000000006a1c0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](2014-10-05 12:02:32) 000000006ff00000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](2014-10-05 12:02:33) 000000006efc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [824](2014- 000000006ed40000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----