GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-12-28 17:46:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\axdiakod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003001000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000300102f 16 bytes [00, 00, 10, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 000000014a040460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 000000014a040450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 000000014a040370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 000000014a040470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 000000014a0403e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 000000014a040320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 000000014a0403b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 000000014a040390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 000000014a0402e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 000000014a0402d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 000000014a040310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 000000014a0403c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 000000014a0403f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 000000014a040230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 000000014a040480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 000000014a0403a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 000000014a0402f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 000000014a040350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 000000014a040290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 000000014a0402b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 000000014a0403d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 000000014a040330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 000000014a040410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 000000014a040240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 000000014a0401e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 000000014a040250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 000000014a040490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 000000014a0404a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 000000014a040300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 000000014a040360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 000000014a0402a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 000000014a0402c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 000000014a040380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 000000014a040340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 000000014a040440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 000000014a040260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 000000014a040270 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 000000014a040400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 000000014a0401f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 000000014a040210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 000000014a040200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 000000014a040420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 000000014a040430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 000000014a040220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 000000014a040280 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 000000014a040460 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 000000014a040450 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 000000014a040370 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 000000014a040470 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 000000014a0403e0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 000000014a040320 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 000000014a0403b0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 000000014a040390 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 000000014a0402e0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 000000014a0402d0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 000000014a040310 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 000000014a0403c0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 000000014a0403f0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 000000014a040230 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 000000014a040480 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 000000014a0403a0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 000000014a0402f0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 000000014a040350 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 000000014a040290 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 000000014a0402b0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 000000014a0403d0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 000000014a040330 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 000000014a040410 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 000000014a040240 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 000000014a0401e0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 000000014a040250 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 000000014a040490 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 000000014a0404a0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 000000014a040300 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 000000014a040360 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 000000014a0402a0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 000000014a0402c0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 000000014a040380 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 000000014a040340 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 000000014a040440 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 000000014a040260 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 000000014a040270 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 000000014a040400 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 000000014a0401f0 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 000000014a040210 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 000000014a040200 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 000000014a040420 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 000000014a040430 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 000000014a040220 .text C:\Windows\system32\csrss.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 000000014a040280 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\services.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\lsass.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\lsm.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\atieclxx.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\WLANExt.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\taskhost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\hkcmd.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\igfxpers.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\svchost.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\rundll32.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\IDT\WDM\sttray64.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Apoint2K\Apoint.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\taskeng.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\wbem\unsecapp.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\wbem\wmiprvse.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4508] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075668791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[4964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4672] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4672] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[5392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files\Apoint2K\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\conhost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000100070280 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007556787b 5 bytes JMP 0000000166938330 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075567bbb 5 bytes JMP 0000000166938300 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075568a29 5 bytes JMP 0000000166938d10 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075568e4e 5 bytes JMP 0000000166938490 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075569a55 5 bytes JMP 0000000166938460 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007556d22e 5 bytes JMP 0000000166938bd0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000755705ba 5 bytes JMP 0000000166938650 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075570dfb 5 bytes JMP 0000000166938360 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075571341 5 bytes JMP 0000000166938730 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075571361 5 bytes JMP 00000001669386d0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000755728da 5 bytes JMP 0000000166938b50 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!SetCursor 00000000755741f6 5 bytes JMP 0000000166937c00 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075575f74 5 bytes JMP 00000001669385f0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075577b3b 5 bytes JMP 00000001669386b0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!AnimateWindow 000000007557b531 5 bytes JMP 0000000166938500 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 000000007557ba4a 5 bytes JMP 0000000166938a80 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007558ed12 5 bytes JMP 0000000166937c20 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!SetCapture 000000007558ed56 5 bytes JMP 00000001669385d0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007558f170 5 bytes JMP 0000000166938590 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000753d5ea6 5 bytes JMP 0000000166937c50 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000753db895 5 bytes JMP 0000000166937ed0 .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76] .text C:\PROGRA~2\Raptr\raptr.exe[7544] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76] .text ... * 2 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\System32\svchost.exe[7500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077331360 5 bytes JMP 0000000077490460 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773313b0 5 bytes JMP 0000000077490450 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077331510 5 bytes JMP 0000000077490370 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077331560 5 bytes JMP 0000000077490470 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077331570 5 bytes JMP 00000000774903e0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077331620 5 bytes JMP 0000000077490320 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077331650 5 bytes JMP 00000000774903b0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077331670 5 bytes JMP 0000000077490390 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773316b0 5 bytes JMP 00000000774902e0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077331730 5 bytes JMP 00000000774902d0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077331750 5 bytes JMP 0000000077490310 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077331790 5 bytes JMP 00000000774903c0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773317e0 5 bytes JMP 00000000774903f0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077331940 5 bytes JMP 0000000077490230 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077331b00 5 bytes JMP 0000000077490480 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077331b30 5 bytes JMP 00000000774903a0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077331c10 5 bytes JMP 00000000774902f0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077331c20 5 bytes JMP 0000000077490350 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077331c80 5 bytes JMP 0000000077490290 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077331d10 5 bytes JMP 00000000774902b0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077331d30 5 bytes JMP 00000000774903d0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077331d40 5 bytes JMP 0000000077490330 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077331db0 5 bytes JMP 0000000077490410 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077331de0 5 bytes JMP 0000000077490240 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773320a0 5 bytes JMP 00000000774901e0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077332160 5 bytes JMP 0000000077490250 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077332190 5 bytes JMP 0000000077490490 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773321a0 5 bytes JMP 00000000774904a0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773321d0 5 bytes JMP 0000000077490300 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773321e0 5 bytes JMP 0000000077490360 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077332240 5 bytes JMP 00000000774902a0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077332290 5 bytes JMP 00000000774902c0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773322c0 5 bytes JMP 0000000077490380 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773322d0 5 bytes JMP 0000000077490340 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773325c0 5 bytes JMP 0000000077490440 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773327c0 5 bytes JMP 0000000077490260 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773327d0 5 bytes JMP 0000000077490270 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773327e0 5 bytes JMP 0000000077490400 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773329a0 5 bytes JMP 00000000774901f0 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773329b0 5 bytes JMP 0000000077490210 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077332a20 5 bytes JMP 0000000077490200 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077332a80 5 bytes JMP 0000000077490420 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077332a90 5 bytes JMP 0000000077490430 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077332aa0 5 bytes JMP 0000000077490220 .text C:\Windows\system32\AUDIODG.EXE[6500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077332b80 5 bytes JMP 0000000077490280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb420b7c22 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb420b7c22 (not active ControlSet) ---- EOF - GMER 2.1 ----