GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-03 20:18:27 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000005a SAMSUNG_ rev.2AJ1 298,09GB Running: q524071z.exe; Driver: C:\Users\kamila\AppData\Local\Temp\pwdiqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000149780460 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000149780450 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000149780370 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000149780470 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001497803e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000149780320 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001497803b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000149780390 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001497802e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001497802d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000149780310 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001497803c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001497803f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000149780230 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000149780480 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001497803a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001497802f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000149780350 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000149780290 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001497802b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001497803d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000149780330 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000149780410 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000149780240 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001497801e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000149780250 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000149780490 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001497804a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000149780300 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000149780360 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001497802a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001497802c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000149780380 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000149780340 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000149780440 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000149780260 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000149780270 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000149780400 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001497801f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000149780210 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000149780200 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000149780420 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000149780430 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000149780220 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000149780280 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000149780460 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000149780450 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000149780370 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000149780470 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001497803e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000149780320 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001497803b0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000149780390 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001497802e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001497802d0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000149780310 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001497803c0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001497803f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000149780230 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000149780480 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001497803a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001497802f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000149780350 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000149780290 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001497802b0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001497803d0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000149780330 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000149780410 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000149780240 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001497801e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000149780250 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000149780490 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001497804a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000149780300 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000149780360 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001497802a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001497802c0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000149780380 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000149780340 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000149780440 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000149780260 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000149780270 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000149780400 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001497801f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000149780210 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000149780200 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000149780420 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000149780430 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000149780220 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000149780280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\atiesrxx.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\atieclxx.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\taskhost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Apoint\Apoint.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\System32\spoolsv.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[2984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files (x86)\STab\ProtectService.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files (x86)\STab\ProtectService.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text C:\Program Files (x86)\STab\HPNotify.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files (x86)\STab\HPNotify.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text c:\Program Files\Microsoft SQL Server\MSSQL10_50.GABINET\MSSQL\Binn\sqlservr.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000100270460 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000100270450 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000100270370 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000100270470 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001002703e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000100270320 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001002703b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000100270390 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001002702e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001002702d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000100270310 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001002703c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001002703f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000100270230 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000100270480 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001002703a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001002702f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000100270350 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000100270290 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001002702b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001002703d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000100270330 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000100270410 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000100270240 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001002701e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000100270250 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000100270490 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001002704a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000100270300 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000100270360 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001002702a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001002702c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000100270380 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000100270340 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000100270440 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000100270260 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000100270270 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000100270400 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001002701f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000100270210 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000100270200 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000100270420 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000100270430 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000100270220 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000100270280 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076721465 2 bytes [72, 76] .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767214bb 2 bytes [72, 76] .text ... * 2 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000100070460 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000100070370 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000100070470 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001000703e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000100070320 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000100070390 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001000702d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000100070310 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001000703c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000100070230 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000100070480 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001000702f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000100070350 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000100070290 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001000702b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001000703d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000100070330 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000100070250 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000100070490 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001000702a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001000702c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000100070260 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000100070270 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000100070400 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000100070210 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000100070200 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000100070420 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000100070430 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000100070220 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000100070280 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\iPod\bin\iPodService.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Apoint\ApMsgFwd.exe[3220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Apoint\Apntex.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\conhost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Apoint\Apvfb.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\wbem\wmiprvse.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\wbem\unsecapp.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\System32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\System32\vds.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\system32\wuauclt.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 0000000100070460 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 0000000100070370 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 0000000100070470 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000001000703e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 0000000100070320 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 0000000100070390 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000001000702d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 0000000100070310 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000001000703c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 0000000100070230 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 0000000100070480 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000001000702f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 0000000100070350 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 0000000100070290 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000001000702b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000001000703d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 0000000100070330 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 0000000100070250 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 0000000100070490 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000001000702a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000001000702c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 0000000100070260 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 0000000100070270 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 0000000100070400 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 0000000100070210 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 0000000100070200 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 0000000100070420 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 0000000100070430 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 0000000100070220 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[4696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007725f760 5 bytes JMP 00000000773c0460 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007725f7b0 5 bytes JMP 00000000773c0450 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007725f910 5 bytes JMP 00000000773c0370 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007725f960 5 bytes JMP 00000000773c0470 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007725f970 5 bytes JMP 00000000773c03e0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007725fa20 5 bytes JMP 00000000773c0320 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007725fa50 5 bytes JMP 00000000773c03b0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007725fa70 5 bytes JMP 00000000773c0390 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007725fab0 5 bytes JMP 00000000773c02e0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007725fb30 5 bytes JMP 00000000773c02d0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007725fb50 5 bytes JMP 00000000773c0310 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007725fb90 5 bytes JMP 00000000773c03c0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007725fbe0 5 bytes JMP 00000000773c03f0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007725fd40 5 bytes JMP 00000000773c0230 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007725ff00 5 bytes JMP 00000000773c0480 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007725ff30 5 bytes JMP 00000000773c03a0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077260010 5 bytes JMP 00000000773c02f0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077260020 5 bytes JMP 00000000773c0350 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077260080 5 bytes JMP 00000000773c0290 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077260110 5 bytes JMP 00000000773c02b0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077260130 5 bytes JMP 00000000773c03d0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077260140 5 bytes JMP 00000000773c0330 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772601b0 5 bytes JMP 00000000773c0410 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772601e0 5 bytes JMP 00000000773c0240 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772604a0 5 bytes JMP 00000000773c01e0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077260560 5 bytes JMP 00000000773c0250 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077260590 5 bytes JMP 00000000773c0490 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772605a0 5 bytes JMP 00000000773c04a0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772605d0 5 bytes JMP 00000000773c0300 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772605e0 5 bytes JMP 00000000773c0360 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077260640 5 bytes JMP 00000000773c02a0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077260690 5 bytes JMP 00000000773c02c0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772606c0 5 bytes JMP 00000000773c0380 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772606d0 5 bytes JMP 00000000773c0340 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772609c0 5 bytes JMP 00000000773c0440 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077260bc0 5 bytes JMP 00000000773c0260 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077260bd0 5 bytes JMP 00000000773c0270 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077260be0 5 bytes JMP 00000000773c0400 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077260da0 5 bytes JMP 00000000773c01f0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077260db0 5 bytes JMP 00000000773c0210 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077260e20 5 bytes JMP 00000000773c0200 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077260e80 5 bytes JMP 00000000773c0420 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077260e90 5 bytes JMP 00000000773c0430 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077260ea0 5 bytes JMP 00000000773c0220 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077260f80 5 bytes JMP 00000000773c0280 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1536] (WindowsProtectManger Service/Fuyu LIMITED)(2014-12-21 13:10:07) 00000000012a0000 Process C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe (*** suspicious ***) @ C:\Users\kamila\AppData\Roaming\TornTV.com\TornTVSvc.exe [2836] (TornTV Service/Cool Mirage)(2014-11-18 14:15:20) 0000000000970000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fe70ca Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fe70ca (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=70776 Microsoft Office 2007 PeL\x201ana wersja\OFFICE 2007\setup.exe 1 ---- EOF - GMER 2.1 ----