GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-01 10:53:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000095 Samsung_ rev.DXM0 238,47GB Running: ny8ly96y.exe; Driver: C:\Windows\TEMP\uxtdapoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003403000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003403040 1 byte [03] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 000000014a1a0460 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 000000014a1a0450 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 000000014a1a0370 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 000000014a1a0470 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 000000014a1a03e0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 000000014a1a0320 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 000000014a1a03b0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 000000014a1a0390 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 000000014a1a02e0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 000000014a1a02d0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 000000014a1a0310 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 000000014a1a03c0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 000000014a1a03f0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 000000014a1a0230 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 000000014a1a0480 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 000000014a1a03a0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 000000014a1a02f0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 000000014a1a0350 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 000000014a1a0290 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 000000014a1a02b0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 000000014a1a03d0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 000000014a1a0330 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 000000014a1a0410 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 000000014a1a0240 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 000000014a1a01e0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 000000014a1a0250 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 000000014a1a0490 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 000000014a1a04a0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 000000014a1a0300 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 000000014a1a0360 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 000000014a1a02a0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 000000014a1a02c0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 000000014a1a0380 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 000000014a1a0340 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 000000014a1a0440 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 000000014a1a0260 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 000000014a1a0270 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 000000014a1a0400 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 000000014a1a01f0 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 000000014a1a0210 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 000000014a1a0200 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 000000014a1a0420 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 000000014a1a0430 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 000000014a1a0220 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 000000014a1a0280 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\wininit.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 000000014a1a0460 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 000000014a1a0450 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 000000014a1a0370 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 000000014a1a0470 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 000000014a1a03e0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 000000014a1a0320 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 000000014a1a03b0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 000000014a1a0390 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 000000014a1a02e0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 000000014a1a02d0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 000000014a1a0310 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 000000014a1a03c0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 000000014a1a03f0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 000000014a1a0230 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 000000014a1a0480 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 000000014a1a03a0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 000000014a1a02f0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 000000014a1a0350 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 000000014a1a0290 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 000000014a1a02b0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 000000014a1a03d0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 000000014a1a0330 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 000000014a1a0410 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 000000014a1a0240 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 000000014a1a01e0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 000000014a1a0250 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 000000014a1a0490 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 000000014a1a04a0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 000000014a1a0300 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 000000014a1a0360 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 000000014a1a02a0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 000000014a1a02c0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 000000014a1a0380 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 000000014a1a0340 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 000000014a1a0440 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 000000014a1a0260 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 000000014a1a0270 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 000000014a1a0400 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 000000014a1a01f0 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 000000014a1a0210 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 000000014a1a0200 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 000000014a1a0420 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 000000014a1a0430 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 000000014a1a0220 .text C:\Windows\system32\csrss.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 000000014a1a0280 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\services.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\lsass.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\lsm.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\IDT\WDM\STacSV64.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\WLANExt.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\inetsrv\inetinfo.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\snmp.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\PrintIsolationHost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\Dwm.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100060280 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[4668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\hkcmd.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\System32\igfxpers.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Sidebar\sidebar.exe[5836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text D:\Pulpit\Bench\ThrottleStop\ThrottleStop.exe[5996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1092] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077868791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\wbem\wmiprvse.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\system32\wbem\unsecapp.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[6504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a71401 2 bytes JMP 7788b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a71419 2 bytes JMP 7788b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a71431 2 bytes JMP 77908ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a7144a 2 bytes CALL 778648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a714dd 2 bytes JMP 779087a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a714f5 2 bytes JMP 77908978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a7150d 2 bytes JMP 77908698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a71525 2 bytes JMP 77908a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a7153d 2 bytes JMP 7787fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a71555 2 bytes JMP 778868ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a7156d 2 bytes JMP 77908f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a71585 2 bytes JMP 77908ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a7159d 2 bytes JMP 7790865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a715b5 2 bytes JMP 7787fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a715cd 2 bytes JMP 7788b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a716b2 2 bytes JMP 77908e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a716bd 2 bytes JMP 779085f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c71360 5 bytes JMP 0000000077dd0460 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c713b0 5 bytes JMP 0000000077dd0450 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c71510 5 bytes JMP 0000000077dd0370 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c71560 5 bytes JMP 0000000077dd0470 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c71570 5 bytes JMP 0000000077dd03e0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c71620 5 bytes JMP 0000000077dd0320 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c71650 5 bytes JMP 0000000077dd03b0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c71670 5 bytes JMP 0000000077dd0390 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c716b0 5 bytes JMP 0000000077dd02e0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c71730 5 bytes JMP 0000000077dd02d0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c71750 5 bytes JMP 0000000077dd0310 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c71790 5 bytes JMP 0000000077dd03c0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c717e0 5 bytes JMP 0000000077dd03f0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c71940 5 bytes JMP 0000000077dd0230 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c71b00 5 bytes JMP 0000000077dd0480 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c71b30 5 bytes JMP 0000000077dd03a0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c71c10 5 bytes JMP 0000000077dd02f0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c71c20 5 bytes JMP 0000000077dd0350 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c71c80 5 bytes JMP 0000000077dd0290 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c71d10 5 bytes JMP 0000000077dd02b0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c71d30 5 bytes JMP 0000000077dd03d0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c71d40 5 bytes JMP 0000000077dd0330 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c71db0 5 bytes JMP 0000000077dd0410 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c71de0 5 bytes JMP 0000000077dd0240 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c720a0 5 bytes JMP 0000000077dd01e0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c72160 5 bytes JMP 0000000077dd0250 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c72190 5 bytes JMP 0000000077dd0490 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c721a0 5 bytes JMP 0000000077dd04a0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c721d0 5 bytes JMP 0000000077dd0300 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c721e0 5 bytes JMP 0000000077dd0360 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c72240 5 bytes JMP 0000000077dd02a0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c72290 5 bytes JMP 0000000077dd02c0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c722c0 5 bytes JMP 0000000077dd0380 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c722d0 5 bytes JMP 0000000077dd0340 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c725c0 5 bytes JMP 0000000077dd0440 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c727c0 5 bytes JMP 0000000077dd0260 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c727d0 5 bytes JMP 0000000077dd0270 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c727e0 5 bytes JMP 0000000077dd0400 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c729a0 5 bytes JMP 0000000077dd01f0 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c729b0 5 bytes JMP 0000000077dd0210 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c72a20 5 bytes JMP 0000000077dd0200 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c72a80 5 bytes JMP 0000000077dd0420 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c72a90 5 bytes JMP 0000000077dd0430 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c72aa0 5 bytes JMP 0000000077dd0220 .text C:\totalcmd\TOTALCMD64.EXE[3104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c72b80 5 bytes JMP 0000000077dd0280 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001095e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001095c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001096614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001096a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800109686c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [fe8b41057320ff83] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeSetEvent] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IofCompleteRequest] [fffff0b90c428b30] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [fe3bd80344c20301] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [ff41f3f741c6ff49] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [ff46084103e0c0c2] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!MmUnlockPages] [f5860f2b3900856c] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!EtwRegister] [fff000188c8d4803] [unknown section] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\a5rlacsf.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\a5rlacsf \Device\Scsi\a5rlacsf1 fffffa800a0a82c0 Device \Driver\a5rlacsf \Device\Scsi\a5rlacsf1Port1Path0Target0Lun0 fffffa800a0a82c0 Device \FileSystem\Ntfs \Ntfs fffffa80074702c0 Device \FileSystem\fastfat \Fat fffffa800c00e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{E48B69DB-D375-45AB-86AA-46B01BCA3871} fffffa8007e8d2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8009f742c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa800746c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007d732c0 Device \Driver\USBSTOR \Device\000000aa fffffa800af0c2c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007d732c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{341911CD-592A-412E-8A73-2C6F9A5FF982} fffffa8007e8d2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8009f742c0 Device \Driver\iaStorA \Device\00000095 fffffa800746c2c0 Device \Driver\iaStorA \Device\00000095 fffffa800746c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{005A36CD-8C0C-48EF-BB8C-4514F58A5928} fffffa8007e8d2c0 Device \Driver\USBSTOR \Device\000000a9 fffffa800af0c2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8009f742c0 Device \Driver\iaStorA \Device\00000096 fffffa800746c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6501D724-ACC5-43FB-B0C2-E1E06C476C98} fffffa8007e8d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{3A4CF8CF-EB18-480A-BECF-B75792C8834F} fffffa8007e8d2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007e8d2c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa800746c2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8009f742c0 Device \Driver\a5rlacsf \Device\ScsiPort1 fffffa800a0a82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D437A3EF-A96F-4663-BEB1-CCF2E1CF3037} fffffa8007e8d2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys vsflt53.sys iaStorF.sys >>UNKNOWN [0xfffffa800746c2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa800746c2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c13790] fffffa8007c13790 Trace 3 CLASSPNP.SYS[fffff88001e5143f] -> nt!IofCallDriver -> [0xfffffa8007b52b10] fffffa8007b52b10 Trace 5 hpdskflt.sys[fffff88001fe8189] -> nt!IofCallDriver -> [0xfffffa8007b4da40] fffffa8007b4da40 Trace 7 vsflt53.sys[fffff88000f49cfd] -> nt!IofCallDriver -> [0xfffffa8007b4dc50] fffffa8007b4dc50 Trace 9 iaStorF.sys[fffff88002201aa4] -> nt!IofCallDriver -> \Device\00000095[0xfffffa8007978660] fffffa8007978660 Trace \Driver\iaStorA[0xfffffa80078f3e20] -> IRP_MJ_CREATE -> 0xfffffa800746c2c0 fffffa800746c2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a5rlacsf.SYS (USB Mass Storage Class Driver/Microsoft Corporation)(2013-05-27 11:28:46) fffff88006b71000-fffff88006bc2000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3112:4328] 000007fef4039688 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [6984:6996] 0000000077e52e65 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [6984:7016] 000000006c7d8f48 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [6984:7024] 0000000077e53e85 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [6984:7028] 0000000077e53e85 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [6984:7272] 0000000077e53e85 ---- Processes - GMER 2.1 ---- Library C:\Program Files\Altap Salamander\utils\salextx64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4668] 000007fef4010000 Library C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\IntelDTSReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [5836] (IntelDTSReader/Orbmu2k)(2013-05-28 08:09:41) 0000000066a60000 Library C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUObserver37.gadget\GPUStatusReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [5836] (GPUStatusReader/Orbmu2k)(2013-05-28 08:10:33) 00000000660b0000 Library C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [5836] (WinRing0/OpenLibSys.org)(2013-05-28 08:09:41) 0000000180000000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BITS@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\BITS Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728959a163 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728959a163@f008f12313c5 0x30 0xDC 0x4E 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0xF8 0x8D 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x04 0x2D 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xEF 0xE0 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0xA7 0x46 0x17 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728959a163 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728959a163@f008f12313c5 0x30 0xDC 0x4E 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0xF8 0x8D 0x15 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x04 0x2D 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xEF 0xE0 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0xA7 0x46 0x17 ... Reg HKCU\Software\Microsoft\Windows Live Mail@SqmSrvSuccessCount IMAP 10408 ---- EOF - GMER 2.1 ----