GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-01-29 00:09:11
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d TOSHIBA_MQ01ABD075 rev.AX001C 698,64GB
Running: i6b5imff.exe; Driver: C:\Users\hp\AppData\Local\Temp\kxroqkog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                fffff96000128700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                           fffff96000128710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\winlogon.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                        00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                                 00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                      00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                             00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                   00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                 00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                               00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                                00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                             00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                     00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                                 00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                    00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                             00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                          00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                             00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                 00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                          00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                             00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                  00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                             00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                             00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                    00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                               00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                            00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                        00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                  00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                               00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                  00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                   00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                            00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                           00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                       00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                              00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                          00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                        00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                         00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                              00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                              00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                               00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                          00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                  00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                       00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[784] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                          00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                                   00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                   00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                        00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                              00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                                   00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                               00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                     00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                   00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                                 00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                                  00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                               00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                  00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                       00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                                   00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                      00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                               00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                            00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                  00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                               00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                   00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                            00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                               00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                    00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                               00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                               00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                      00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                 00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                              00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                          00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                    00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                 00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                    00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                     00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                              00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                             00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                         00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                            00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                          00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                           00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                 00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                            00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                    00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\dwm.exe[916] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\atiesrxx.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\atiesrxx.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                   00007ff9eae5169a 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                   00007ff9eae516a2 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                      00007ff9eae5181a 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                      00007ff9eae51832 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\System32\svchost.exe[996] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[264] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                   00007ff9eae5169a 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                   00007ff9eae516a2 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                      00007ff9eae5181a 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[612] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                      00007ff9eae51832 4 bytes [E5, EA, F9, 7F]
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                               00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                             00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                              00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                               00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                      00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                     00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                        00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\System32\svchost.exe[448] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                     00007ff9ecde977d 1 byte [62]
.text   C:\Program Files\IDT\WDM\STacSV64.exe[800] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                               00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                            00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                            00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                          00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                           00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                            00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                   00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                             00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                  00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                     00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                             00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\Hpservice.exe[1072] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                  00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\System32\spoolsv.exe[1576] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[1624] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[1808] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
?       C:\Windows\SYSTEM32\BsHelpCSps.dll [1848] entry point in ".data" section                                                                                       0000000001a35055
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\dashost.exe[2696] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\Program Files\Intel\iCLS Client\HeciServer.exe[2704] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                  00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\conhost.exe[3192] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                        00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                        00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                      00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                       00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                        00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                               00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                         00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                              00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                 00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                         00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                              00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\conhost.exe[3284] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\conhost.exe[3320] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                       00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                     00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                           00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                         00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                            00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                  00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                              00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                               00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                            00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                               00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                    00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                   00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                            00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                         00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                               00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                            00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                             00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                         00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                            00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                 00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                            00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                            00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                   00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                              00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                           00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                       00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                 00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                              00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                 00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                  00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                           00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                          00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                      00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                             00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                         00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                           00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                       00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                        00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                             00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                             00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                              00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                         00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                 00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3476] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                      00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[3616] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\svchost.exe[3672] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\WUDFHost.exe[3976] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                             00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                                      00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                           00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                               00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                  00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                        00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                      00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                     00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                                      00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                         00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                  00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                               00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                     00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                  00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                      00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                               00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                  00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                  00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                  00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                         00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                    00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                 00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                             00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                       00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                    00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                       00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                        00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                 00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                            00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                   00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                               00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                 00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                              00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                   00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                    00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                       00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\Explorer.EXE[3644] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                            00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                  00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                           00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                           00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                           00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                       00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                             00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                           00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                         00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                          00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                       00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                          00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                               00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                           00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                              00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                       00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                    00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                          00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                       00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                           00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                    00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                       00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                            00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                       00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                       00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                              00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                         00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                      00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                  00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                            00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                         00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                            00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                             00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                      00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                     00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                 00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                        00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                    00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                  00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                   00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                        00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                        00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                         00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                    00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                            00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\taskhostex.exe[3864] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                 00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                        00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                        00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                      00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                       00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                        00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                               00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                         00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                              00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                 00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                         00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\SearchIndexer.exe[4544] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                              00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\skydrive.exe[4796] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\igfxtray.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                                00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                              00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                               00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                                00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                       00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                      00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                         00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\hkcmd.exe[4864] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                      00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\igfxsrvc.exe[5064] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                  00007ff9eae5169a 4 bytes [E5, EA, F9, 7F]
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                  00007ff9eae516a2 4 bytes [E5, EA, F9, 7F]
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                     00007ff9eae5181a 4 bytes [E5, EA, F9, 7F]
.text   C:\Windows\System32\igfxpers.exe[4648] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                     00007ff9eae51832 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                        00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                        00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                      00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                       00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                        00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                               00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                         00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                              00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                 00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                         00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files\IDT\WDM\sttray64.exe[5040] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                              00007ff9ecde977d 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                       00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                     00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                         00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                            00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                  00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                              00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                               00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                            00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                               00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                   00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                            00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                         00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                               00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                            00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                         00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                            00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                            00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                            00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                   00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                              00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                           00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                       00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                 00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                              00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                 00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                  00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                           00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                          00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                      00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                             00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                         00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                           00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                        00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                             00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                              00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                 00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                      00007ff9ecde977d 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                     00007ff9eae5169a 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                     00007ff9eae516a2 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                        00007ff9eae5181a 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4872] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                        00007ff9eae51832 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                       00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                     00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                           00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                            00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                  00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                              00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                               00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                            00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                               00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                   00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                            00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                         00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                               00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                            00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                         00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                            00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                 00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                            00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                            00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                   00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                              00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                           00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                       00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                 00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                              00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                 00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                  00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                           00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                          00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                      00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                             00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                         00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                           00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                       00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                        00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                             00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                             00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                              00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                         00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                 00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                      00007ff9ecde977d 1 byte [62]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                             00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                             00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                             00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                               00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                             00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                           00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                            00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                         00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                             00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                            00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                             00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                    00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                              00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                              00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                               00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                   00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                      00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                           00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                              00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                   00007ff9ecde977d 1 byte [62]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                  00007ff9eae5169a 4 bytes [E5, EA, F9, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                  00007ff9eae516a2 4 bytes [E5, EA, F9, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                     00007ff9eae5181a 4 bytes [E5, EA, F9, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                     00007ff9eae51832 4 bytes [E5, EA, F9, 7F]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                         00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                         00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                    00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                         00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                     00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                           00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                         00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                       00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                        00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                     00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                        00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                         00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                     00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                        00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                         00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                          00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                     00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                            00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                       00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                    00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                          00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                       00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                          00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                           00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                    00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                   00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                               00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                      00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                  00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                    00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                 00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                      00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                      00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                       00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                  00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                          00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4716] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                               00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                              00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                            00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                             00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                              00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                                     00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                                    00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                       00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                               00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Windows\System32\wscript.exe[2712] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ff9ecde977d 1 byte [62]
?       C:\Windows\SYSTEM32\BsHelpCSps.dll [4928] entry point in ".data" section                                                                                       0000000003df5055
?       C:\Windows\SYSTEM32\BlueSoleilCSps.dll [4928] entry point in ".rdata" section                                                                                  0000000003f64085
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                                                        00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                                                        00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                                                      00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                                                       00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                        00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                                               00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                                                         00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                                              00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                                                 00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                                                         00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[5460] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                              00007ff9ecde977d 1 byte [62]
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                 00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                          00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                          00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                               00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                     00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                          00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                      00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                            00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                          00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                        00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                         00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                      00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                         00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                          00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                             00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                      00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                   00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                         00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                          00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                   00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                      00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                           00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                      00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                      00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                             00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                        00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                     00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                 00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                           00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                           00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                            00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                     00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                    00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                       00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                   00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                     00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                  00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                       00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                       00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                        00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                           00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5736] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165                                00007ff9ecde977d 1 byte [62]
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                 00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                                          00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                                          00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                               00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                     00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                                          00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject                                      00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                                            00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                                          00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                                        00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                                         00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread                                      00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                                         00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                          00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                             00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair                                      00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                   00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                                         00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                                          00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                   00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                      00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                                           00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry                                      00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                      00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                             00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                                        00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                     00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2                                 00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                                           00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                                           00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                                            00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                     00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                    00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2                                00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions                                       00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2                                   00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                     00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                  00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem                                       00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess                                       00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                                        00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                                           00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5692] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165                                00007ff9ecde977d 1 byte [62]
.text   C:\Windows\System32\SettingSyncHost.exe[4152] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                            00007ff9ecde977d 1 byte [62]
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort         00007ff9ed616620 5 bytes JMP 00007ffa6d740460
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject                  00007ff9ed616670 5 bytes JMP 00007ffa6d740450
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess                  00007ff9ed6167d0 5 bytes JMP 00007ffa6d740370
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx       00007ff9ed616820 5 bytes JMP 00007ffa6d740470
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess             00007ff9ed616830 5 bytes JMP 00007ffa6d7403e0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection                  00007ff9ed6168e0 5 bytes JMP 00007ffa6d740320
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory           00007ff9ed616910 5 bytes JMP 00007ffa6d7403b0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject              00007ff9ed616930 5 bytes JMP 00007ffa6d740390
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent                    00007ff9ed616970 5 bytes JMP 00007ffa6d7402e0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent                  00007ff9ed6169f0 5 bytes JMP 00007ffa6d7402d0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection                00007ff9ed616a10 5 bytes JMP 00007ffa6d740310
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread                 00007ff9ed616a50 5 bytes JMP 00007ffa6d7403c0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread              00007ff9ed616aa0 5 bytes JMP 00007ffa6d7403f0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry                 00007ff9ed616c00 5 bytes JMP 00007ffa6d740230
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort      00007ff9ed616df0 1 byte JMP 00007ffa6d740480
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2  00007ff9ed616df2 3 bytes {JMP 0xffffffff80129690}
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject     00007ff9ed616e20 5 bytes JMP 00007ffa6d7403a0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair              00007ff9ed616f40 5 bytes JMP 00007ffa6d7402f0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion           00007ff9ed616f60 5 bytes JMP 00007ffa6d740350
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant                 00007ff9ed616fd0 5 bytes JMP 00007ffa6d740290
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore              00007ff9ed617060 5 bytes JMP 00007ffa6d7402b0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx               00007ff9ed617080 5 bytes JMP 00007ffa6d7403d0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer                  00007ff9ed617090 5 bytes JMP 00007ffa6d740330
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess           00007ff9ed617140 5 bytes JMP 00007ffa6d740410
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry              00007ff9ed617170 5 bytes JMP 00007ffa6d740240
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver                   00007ff9ed617490 5 bytes JMP 00007ffa6d7401e0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry              00007ff9ed617550 5 bytes JMP 00007ffa6d740250
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey              00007ff9ed617580 5 bytes JMP 00007ffa6d740490
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys     00007ff9ed617590 5 bytes JMP 00007ffa6d7404a0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair                00007ff9ed6175c0 5 bytes JMP 00007ffa6d740300
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion             00007ff9ed6175d0 1 byte JMP 00007ffa6d740360
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2         00007ff9ed6175d2 3 bytes {JMP 0xffffffff80128d90}
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant                   00007ff9ed617630 5 bytes JMP 00007ffa6d7402a0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore                00007ff9ed617680 5 bytes JMP 00007ffa6d7402c0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread                   00007ff9ed6176b0 5 bytes JMP 00007ffa6d740380
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer                    00007ff9ed6176c0 5 bytes JMP 00007ffa6d740340
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx             00007ff9ed6179d0 5 bytes JMP 00007ffa6d740440
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder            00007ff9ed617bd0 1 byte JMP 00007ffa6d740260
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2        00007ff9ed617bd2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions               00007ff9ed617be0 1 byte JMP 00007ffa6d740270
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2           00007ff9ed617be2 3 bytes {JMP 0xffffffff80128690}
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread             00007ff9ed617c00 5 bytes JMP 00007ffa6d740400
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation         00007ff9ed617de0 5 bytes JMP 00007ffa6d7401f0
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState          00007ff9ed617df0 5 bytes JMP 00007ffa6d740210
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem               00007ff9ed617e80 5 bytes JMP 00007ffa6d740200
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess               00007ff9ed617ef0 5 bytes JMP 00007ffa6d740420
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread                00007ff9ed617f00 5 bytes JMP 00007ffa6d740430
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl           00007ff9ed617f10 5 bytes JMP 00007ffa6d740220
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl                   00007ff9ed618020 5 bytes JMP 00007ffa6d740280
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165        00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\splwow64.exe[6880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                            00007ff9ecde977d 1 byte [62]
.text   C:\WINDOWS\system32\taskeng.exe[36] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                      00007ff9ecde977d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [608:632]                                                                                                                        fffff960009104d0
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [3104:4976]                                                                                                                      00000000004020b7
Thread  C:\Windows\System32\SettingSyncHost.exe [4152:5948]                                                                                                            00007ff9dd9664f4

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
