GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-25 21:07:20 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 TOSHIBA_THNSNS128GMCP rev.TA5ABBF0 119,24GB Running: tulvloi7.exe; Driver: C:\Users\RENIFE~1\AppData\Local\Temp\kwdorpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\wininit.exe[568] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[948] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\System32\svchost.exe[504] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\WLANExt.exe[1228] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[2068] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2500] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\wbem\wmiprvse.exe[3200] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\SearchIndexer.exe[4992] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5516] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5784] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[3196] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files (x86)\FindRight\bin\FilterApp_C64.exe[6732] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files (x86)\FindRight\bin\FilterApp_C64.exe[6732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc8af1177a 4 bytes [F1, 8A, FC, 07] .text C:\Program Files (x86)\FindRight\bin\FilterApp_C64.exe[6732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc8af11782 4 bytes [F1, 8A, FC, 07] .text C:\Windows\system32\csrss.exe[4308] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\System32\WinLogon.exe[2860] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\System32\dwm.exe[4320] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\system32\taskhostex.exe[4900] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\Explorer.EXE[8020] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\Explorer.EXE[8020] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Windows\Explorer.EXE[8020] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Windows\Explorer.EXE[8020] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fc8c3a2c90 5 bytes JMP 000007fd0c570460 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fc8c3a2ce0 5 bytes JMP 000007fd0c570450 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fc8c3a2e40 5 bytes JMP 000007fd0c570370 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fc8c3a2e90 5 bytes JMP 000007fd0c570470 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fc8c3a2ea0 5 bytes JMP 000007fd0c5703e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fc8c3a2f50 5 bytes JMP 000007fd0c570320 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fc8c3a2f80 5 bytes JMP 000007fd0c5703b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fc8c3a2fa0 5 bytes JMP 000007fd0c570390 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fc8c3a2fe0 5 bytes JMP 000007fd0c5702e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fc8c3a3060 5 bytes JMP 000007fd0c5702d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fc8c3a3080 1 byte JMP 000007fd0c570310 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fc8c3a3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fc8c3a30c0 5 bytes JMP 000007fd0c5703c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fc8c3a3110 5 bytes JMP 000007fd0c5703f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fc8c3a3281 5 bytes JMP 000007fd0c570230 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fc8c3a3471 5 bytes JMP 000007fd0c570480 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fc8c3a34a1 5 bytes JMP 000007fd0c5703a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fc8c3a35b1 5 bytes JMP 000007fd0c5702f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fc8c3a35d1 5 bytes JMP 000007fd0c570350 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fc8c3a3641 5 bytes JMP 000007fd0c570290 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fc8c3a36d1 5 bytes JMP 000007fd0c5702b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fc8c3a36f1 5 bytes JMP 000007fd0c5703d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fc8c3a3701 5 bytes JMP 000007fd0c570330 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fc8c3a37a1 5 bytes JMP 000007fd0c570410 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fc8c3a37d1 5 bytes JMP 000007fd0c570240 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fc8c3a3ae1 5 bytes JMP 000007fd0c5701e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fc8c3a3ba1 5 bytes JMP 000007fd0c570250 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fc8c3a3bd1 5 bytes JMP 000007fd0c570490 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fc8c3a3be1 5 bytes JMP 000007fd0c5704a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fc8c3a3c11 5 bytes JMP 000007fd0c570300 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fc8c3a3c21 5 bytes JMP 000007fd0c570360 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fc8c3a3c81 5 bytes JMP 000007fd0c5702a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fc8c3a3cd1 5 bytes JMP 000007fd0c5702c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fc8c3a3d01 5 bytes JMP 000007fd0c570380 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fc8c3a3d11 5 bytes JMP 000007fd0c570340 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fc8c3a4021 5 bytes JMP 000007fd0c570440 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fc8c3a4221 5 bytes JMP 000007fd0c570260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fc8c3a4231 5 bytes JMP 000007fd0c570270 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fc8c3a4251 5 bytes JMP 000007fd0c570400 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fc8c3a4431 5 bytes JMP 000007fd0c5701f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fc8c3a4441 5 bytes JMP 000007fd0c570210 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fc8c3a44b1 5 bytes JMP 000007fd0c570200 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fc8c3a4521 5 bytes JMP 000007fd0c570420 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fc8c3a4531 5 bytes JMP 000007fd0c570430 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fc8c3a4541 5 bytes JMP 000007fd0c570220 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fc8c3a4651 5 bytes JMP 000007fd0c570280 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6452] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5476] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5476] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4000] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6520] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6520] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6520] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6520] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Windows\System32\rundll32.exe[1312] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\System32\rundll32.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Windows\System32\rundll32.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Windows\System32\rundll32.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Windows\System32\hkcmd.exe[5324] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[1304] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[1304] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc8af1177a 4 bytes [F1, 8A, FC, 07] .text C:\Windows\System32\igfxpers.exe[1304] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc8af11782 4 bytes [F1, 8A, FC, 07] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe[640] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] .text C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe[640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc841c1532 4 bytes [1C, 84, FC, 07] .text C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe[640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc841c153a 4 bytes [1C, 84, FC, 07] .text C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe[640] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc841c165a 4 bytes [1C, 84, FC, 07] .text C:\Windows\system32\AUDIODG.EXE[8088] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fc8abdf7eb 1 byte [62] ---- Threads - GMER 2.1 ---- Thread [1220:1400] 0000000077b550a7 Thread [1220:1404] 0000000074eaf28e Thread [1220:1412] 0000000075bb8064 Thread [1220:1420] 00000000748efd00 Thread [1220:1428] 0000000074855880 Thread [1220:1492] 000000007458ee70 Thread [1220:1496] 000000007458e600 Thread [1220:1556] 0000000074eaf28e Thread [1220:1560] 0000000074eaf28e Thread [1220:1564] 0000000074eaf28e Thread [1220:1668] 0000000074eaf28e Thread [1220:276] 0000000074581e90 Thread [1220:1256] 0000000074581e90 Thread [1220:1580] 0000000074581e90 Thread [1220:1544] 0000000074581e90 Thread [1220:1628] 0000000074581e90 Thread [1220:1708] 0000000074582e40 Thread [1220:1740] 0000000074582540 Thread [1220:1744] 00000000745cacf0 Thread [1220:1756] 00000000745c99e0 Thread [1220:1892] 00000000745c9e60 Thread [1220:1900] 0000000074584650 Thread [1220:1840] 0000000074584650 Thread [1220:1876] 0000000074584650 Thread [1220:1836] 0000000074584650 Thread [1220:1908] 0000000074584650 Thread [1220:1884] 0000000073891080 Thread [1220:1904] 0000000073861530 Thread [1220:1880] 000000007458fb30 Thread [1220:1896] 0000000074583fe0 Thread [1220:1888] 0000000074eaf28e Thread [1220:2192] 0000000073c77419 Thread [1220:2196] 00000000745f03c0 Thread [1220:2200] 00000000745271a0 Thread [1220:2204] 00000000738916d0 Thread [1220:2220] 00000000734c95b0 Thread [1220:2228] 0000000075874f62 Thread [1220:2232] 0000000074eaf28e Thread [1220:2236] 0000000074eaf28e Thread [1220:2240] 0000000074eaf28e Thread [1220:2244] 0000000074eaf28e Thread [1220:2880] 000000007344b5b0 Thread [1220:2888] 000000007344b5b0 Thread [1220:2892] 000000007344b5b0 Thread [1220:2896] 000000007344b5b0 Thread [1220:2900] 000000007344b5b0 Thread [1220:2904] 000000007344b5b0 Thread [1220:2908] 000000007344b5b0 Thread [1220:2912] 000000007344b5b0 Thread [1220:2916] 000000007344b5b0 Thread [1220:2984] 0000000074eaf28e Thread [1220:2988] 00000000748f3e90 Thread [1220:2996] 00000000748f5cd0 Thread [1220:3000] 0000000074eaf28e Thread [1220:2252] 0000000074eaf28e Thread [1220:2260] 0000000074598540 Thread [1220:2852] 0000000074eaf28e Thread [1220:3760] 0000000077b550a7 Thread [1220:380] 0000000074eaf28e Thread [1220:7836] 0000000074eaf28e Thread [1220:7884] 0000000074eaf28e Thread [1220:2524] 0000000074eaf28e Thread [1220:6920] 0000000074eaf28e Thread [1220:8052] 0000000074eaf28e Thread [1220:7672] 0000000077b550a7 Thread [1220:1396] 0000000077b550a7 Thread [1220:7512] 0000000077b550a7 Thread [1220:4864] 0000000077b550a7 Thread [1220:6224] 0000000077b550a7 Thread [1220:5412] 0000000073ad74e5 Thread [1220:5964] 0000000077b550a7 Thread [1220:944] 0000000077b550a7 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [760:6760] 000007fc7b4f76c0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [760:3636] 000007fc7b4f76c0 Thread C:\Windows\system32\csrss.exe [4308:7020] fffff960008e85e8 Thread C:\Windows\SYSTEM32\ntdll.dll [4976:7132] 00000000002cfdef Thread C:\Windows\SYSTEM32\ntdll.dll [4976:212] 00000000002b70b0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----