GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-17 10:15:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GL00 698,64GB Running: 2ypds2xe.exe; Driver: C:\Users\user\AppData\Local\Temp\kwldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 000000014a4c0460 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 000000014a4c0450 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 000000014a4c0370 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 000000014a4c0470 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 000000014a4c03e0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 000000014a4c0320 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 000000014a4c03b0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 000000014a4c0390 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 000000014a4c02e0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 000000014a4c02d0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 000000014a4c0310 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 000000014a4c03c0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 000000014a4c03f0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 000000014a4c0230 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 000000014a4c0480 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 000000014a4c03a0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 000000014a4c02f0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 000000014a4c0350 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 000000014a4c0290 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 000000014a4c02b0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 000000014a4c03d0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 000000014a4c0330 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 000000014a4c0410 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 000000014a4c0240 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 000000014a4c01e0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 000000014a4c0250 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 000000014a4c0490 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 000000014a4c04a0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 000000014a4c0300 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 000000014a4c0360 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 000000014a4c02a0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 000000014a4c02c0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 000000014a4c0380 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 000000014a4c0340 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 000000014a4c0440 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 000000014a4c0260 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 000000014a4c0270 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 000000014a4c0400 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 000000014a4c01f0 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 000000014a4c0210 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 000000014a4c0200 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 000000014a4c0420 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 000000014a4c0430 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 000000014a4c0220 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 000000014a4c0280 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\WLANExt.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\taskhost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100070280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100060460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100060450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100060370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100060470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000603e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100060320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000603b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100060390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000602e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000602d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100060310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000603c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000603f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100060230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100060480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000603a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000602f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100060350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100060290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000602b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000603d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100060330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100060410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100060240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000601e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100060250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100060490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000604a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100060300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100060360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000602a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000602c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100060380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100060340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100060440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100060260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100060270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100060400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000601f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100060210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100060200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100060420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100060430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100060220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100060280 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\wbem\wmiprvse.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\taskeng.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\DllHost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3924] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000760a8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076071401 2 bytes JMP 760cb1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076071419 2 bytes JMP 760cb31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076071431 2 bytes JMP 76148f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007607144a 2 bytes CALL 760a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760714dd 2 bytes JMP 76148802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760714f5 2 bytes JMP 761489d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007607150d 2 bytes JMP 761486f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076071525 2 bytes JMP 76148ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007607153d 2 bytes JMP 760bfc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076071555 2 bytes JMP 760c68bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007607156d 2 bytes JMP 76148fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076071585 2 bytes JMP 76148b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007607159d 2 bytes JMP 761486bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760715b5 2 bytes JMP 760bfd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760715cd 2 bytes JMP 760cb2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760716b2 2 bytes JMP 76148e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760716bd 2 bytes JMP 76148651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007735dc80 5 bytes JMP 00000000774c0460 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007735dcd0 5 bytes JMP 00000000774c0450 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735de30 5 bytes JMP 00000000774c0370 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007735de80 5 bytes JMP 00000000774c0470 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007735de90 5 bytes JMP 00000000774c03e0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007735df40 5 bytes JMP 00000000774c0320 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007735df70 5 bytes JMP 00000000774c03b0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007735df90 5 bytes JMP 00000000774c0390 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007735dfd0 5 bytes JMP 00000000774c02e0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007735e050 5 bytes JMP 00000000774c02d0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007735e070 5 bytes JMP 00000000774c0310 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007735e0b0 5 bytes JMP 00000000774c03c0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007735e100 5 bytes JMP 00000000774c03f0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007735e260 5 bytes JMP 00000000774c0230 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007735e420 5 bytes JMP 00000000774c0480 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007735e450 5 bytes JMP 00000000774c03a0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007735e530 5 bytes JMP 00000000774c02f0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007735e540 5 bytes JMP 00000000774c0350 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007735e5a0 5 bytes JMP 00000000774c0290 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007735e630 5 bytes JMP 00000000774c02b0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007735e650 5 bytes JMP 00000000774c03d0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007735e660 5 bytes JMP 00000000774c0330 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007735e6d0 5 bytes JMP 00000000774c0410 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007735e700 5 bytes JMP 00000000774c0240 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007735e9c0 5 bytes JMP 00000000774c01e0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007735ea80 5 bytes JMP 00000000774c0250 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007735eab0 5 bytes JMP 00000000774c0490 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007735eac0 5 bytes JMP 00000000774c04a0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007735eaf0 5 bytes JMP 00000000774c0300 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007735eb00 5 bytes JMP 00000000774c0360 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007735eb60 5 bytes JMP 00000000774c02a0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007735ebb0 5 bytes JMP 00000000774c02c0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735ebe0 5 bytes JMP 00000000774c0380 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007735ebf0 5 bytes JMP 00000000774c0340 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007735eee0 5 bytes JMP 00000000774c0440 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007735f0e0 5 bytes JMP 00000000774c0260 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007735f0f0 5 bytes JMP 00000000774c0270 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007735f100 5 bytes JMP 00000000774c0400 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007735f2c0 5 bytes JMP 00000000774c01f0 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007735f2d0 5 bytes JMP 00000000774c0210 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007735f340 5 bytes JMP 00000000774c0200 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007735f3a0 5 bytes JMP 00000000774c0420 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007735f3b0 5 bytes JMP 00000000774c0430 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007735f3c0 5 bytes JMP 00000000774c0220 .text C:\Windows\system32\AUDIODG.EXE[3000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007735f4a0 5 bytes JMP 00000000774c0280 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef692741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6925f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6925674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6925e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6927f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6926a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6926ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6927b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6927ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef69278b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6924fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6925d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6927584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Processes - GMER 2.1 ---- Library C:\Users\user\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1672] (GG drive menu/GG Network S.A.)(2015- 000000005ff80000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3956ac554 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3956ad2b2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3956ac554 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3956ad2b2 (not active ControlSet) ---- EOF - GMER 2.1 ----