GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-11 03:01:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB Running: jhnmqgsg.exe; Driver: C:\Users\wyszo\AppData\Local\Temp\pwddakog.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 0000000100040460 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 0000000100040450 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 0000000100040370 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 0000000100040470 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000001000403e0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 0000000100040320 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000001000403b0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 0000000100040390 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000001000402e0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000001000402d0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 0000000100040310 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000001000403c0 .text C:\windows\system32\csrss.exe[544] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000001000403f0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 0000000100040230 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 0000000100040480 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000001000403a0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000001000402f0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 0000000100040350 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 0000000100040290 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000001000402b0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000001000403d0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 0000000100040330 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 0000000100040410 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 0000000100040240 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000001000401e0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 0000000100040250 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 0000000100040490 .text 
C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000001000404a0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 0000000100040300 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 0000000100040360 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000001000402a0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000001000402c0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 0000000100040380 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 0000000100040340 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 0000000100040440 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 0000000100040260 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 0000000100040270 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 0000000100040400 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000001000401f0 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 0000000100040210 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 0000000100040200 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes 
JMP 0000000100040420 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 0000000100040430 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 0000000100040220 .text C:\windows\system32\csrss.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 0000000100040280 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\wininit.exe[628] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 
00000000772a0250 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\wininit.exe[628] 
C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000001499e0460 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000001499e0450 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000001499e0370 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000001499e0470 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000001499e03e0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000001499e0320 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000001499e03b0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000001499e0390 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000001499e02e0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000001499e02d0 .text 
C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000001499e0310 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000001499e03c0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000001499e03f0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000001499e0230 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000001499e0480 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000001499e03a0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000001499e02f0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000001499e0350 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000001499e0290 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000001499e02b0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000001499e03d0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000001499e0330 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000001499e0410 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000001499e0240 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes 
JMP 00000001499e01e0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000001499e0250 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000001499e0490 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000001499e04a0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000001499e0300 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000001499e0360 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000001499e02a0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000001499e02c0 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000001499e0380 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000001499e0340 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000001499e0440 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000001499e0260 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000001499e0270 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000001499e0400 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000001499e01f0 .text C:\windows\system32\csrss.exe[648] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000001499e0210 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000001499e0200 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000001499e0420 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000001499e0430 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000001499e0220 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000001499e0280 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 
00000000772a02e0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\services.exe[692] 
C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 
00000000772a0400 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\services.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\lsass.exe[712] 
C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text 
C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 
00000000772a0270 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\lsass.exe[712] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 
000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\lsm.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\winlogon.exe[752] 
C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 
bytes JMP 00000000772a03d0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\winlogon.exe[752] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text 
C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 
000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text 
C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[968] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 
00000000772a02c0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\System32\svchost.exe[420] 
C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 
00000000772a03a0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\System32\svchost.exe[420] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\System32\svchost.exe[420] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 
.text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\System32\svchost.exe[572] 
C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 
5 bytes JMP 00000000772a0300 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\System32\svchost.exe[572] 
C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\System32\svchost.exe[572] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 
.text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[676] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 
00000000772a0420 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[892] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 
00000000772a0250 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[892] 
C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 
00000000772a02d0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[1200] 
C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes 
JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[1200] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 
bytes JMP 00000000772a0410 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] 
C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] 
C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefa512460 5 bytes JMP 000007fefd1e02d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[1272] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefa5496b0 6 bytes JMP 000007fefd1e0298 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 
bytes JMP 00000000772a02d0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text 
C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\WLANExt.exe[1348] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\WLANExt.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text 
C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\System32\spoolsv.exe[1532] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\System32\spoolsv.exe[1532] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 
000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text 
C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[1572] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Lenovo\Bluetooth 
Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program 
Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 
bytes JMP 00000000772a02e0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text 
C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\System32\svchost.exe[1932] 
C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\System32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program 
Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes 
JMP 00000000772a0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 
00000000772a0460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience 
Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes 
JMP 00000000772a02c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\NVIDIA Corporation\GeForce 
Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1176] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000000231401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000000231419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000000231431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 000000000023144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000002314dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000002314f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000000023150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000000231525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000000023153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 0000000000231555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000000023156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000000231585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000000023159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] 
C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000002315b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000002315cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000002316b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2056] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000002316bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000151401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000151419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000151431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000015144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000001514dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000001514f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000015150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000151525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000015153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000151555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000015156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000151585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000015159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000001515b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000001515cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000001516b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000001516bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text 
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 
00000000772a0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2364] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 
000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text 
C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[2448] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text 
C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\taskhost.exe[2928] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\taskhost.exe[2928] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 
000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text 
C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 
000000007700f330 5 bytes JMP 000000016fff0110 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefa512460 5 bytes JMP 000007fefd1e02d0 .text C:\windows\SYSTEM32\WISPTIS.EXE[2980] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefa5496b0 6 
bytes JMP 000007fefd1e0298 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\Dwm.exe[3056] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text 
C:\windows\system32\Dwm.exe[3056] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef638dc88 5 bytes JMP 000007fff63600d8 .text C:\windows\system32\Dwm.exe[3056] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef638de10 5 bytes JMP 000007fff6360110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 
00000000772a0480 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common 
Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3064] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text 
C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\Explorer.EXE[2224] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 
000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] 
C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] 
C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 00000001711b2840 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2732] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] 
C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 0000000100060260 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 0000000100060270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3096] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 0000000100060280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 
000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fefa512460 5 bytes JMP 000007fefd1e02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3208] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fefa5496b0 6 bytes JMP 000007fefd1e0298 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 
00000000772a0310 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\conhost.exe[3216] 
C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 
5 bytes JMP 00000000772a0210 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\conhost.exe[3216] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\svchost.exe[3344] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 
5 bytes JMP 00000000772a0240 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\svchost.exe[3344] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\svchost.exe[3344] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text 
C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\System32\rundll32.exe[3600] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\System32\rundll32.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text 
C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 
.text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\wbem\wmiprvse.exe[3832] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 
00000000772a0450 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Windows\System32\hkcmd.exe[4008] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text 
C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Windows\System32\hkcmd.exe[4008] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 
000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text 
C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Windows\System32\igfxpers.exe[4012] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Windows\System32\igfxpers.exe[4012] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 
byte JMP 000007fffd1e0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\WINMM.dll!waveOutReset 000007fef83da38c 5 bytes JMP 000007fefd1d04b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\WINMM.dll!waveOutPause 000007fef83f4b60 5 bytes JMP 000007fefd1d0438 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef83f4ba0 5 bytes JMP 000007fefd1d03b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef2466944 5 bytes JMP 000007fefd1d0238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] 
C:\windows\system32\DSOUND.dll!DirectSoundCreate 000007fef2485a84 5 bytes JMP 000007fefd1d01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef147815c 5 bytes JMP 000007fefd1d02b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3292] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef1478968 5 bytes JMP 000007fefd1d0338 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] 
C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] 
C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\WINMM.dll!waveOutReset 000007fef83da38c 5 bytes JMP 000007fefd1d02b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\WINMM.dll!waveOutPause 000007fef83f4b60 5 bytes JMP 000007fefd1d0238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef83f4ba0 5 bytes JMP 000007fefd1d01b8 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 
00000000772a02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 
000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\WINMM.dll!waveOutReset 000007fef83da38c 5 bytes JMP 000007fefd1d02b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\WINMM.dll!waveOutPause 000007fef83f4b60 5 bytes JMP 000007fefd1d0238 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef83f4ba0 5 bytes JMP 000007fefd1d01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2180] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\Program Files (x86)\Lenovo\Onekey 
Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files 
(x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 
00000000772a0240 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes 
JMP 00000000772a0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!RegDeleteValueW 
0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[1732] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files (x86)\Lenovo\Energy 
Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 
000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program 
Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 
bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text 
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[276] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 
000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] 
C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\WINMM.dll!waveOutReset 000007fef83da38c 5 bytes JMP 000007fefd1d02b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\WINMM.dll!waveOutPause 000007fef83f4b60 5 bytes JMP 000007fefd1d0238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef83f4ba0 5 bytes JMP 000007fefd1d01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2892] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] 
C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files 
(x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 00000001711b2840 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4256] C:\windows\syswow64\ole32.dll!CoCreateInstance 
0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 0000000110002710 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001100027f0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 0000000110002780 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 
bytes JMP 00000001711b3380 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 
00000001711b2840 .text C:\Users\wyszo\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[4612] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text 
C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\taskeng.exe[4648] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 
bytes JMP 00000000772a0420 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\taskeng.exe[4648] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\windows\system32\taskeng.exe[4648] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 
.text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 
00000000772a0480 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\SearchIndexer.exe[4740] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\SearchIndexer.exe[4740] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text 
C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 
00000000772a01e0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\windows\system32\wbem\unsecapp.exe[4824] 
C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\windows\system32\wbem\unsecapp.exe[4824] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 0000000110002710 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001100027f0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 0000000110002780 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text 
C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\user32.DLL!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text 
C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 00000001711b2840 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000002791401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000002791419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000002791431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000279144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000027914dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000027914f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000279150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000002791525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000279153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000002791555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000279156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000002791585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000279159d 2 bytes JMP 
769386ec C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000027915b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000027915cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000027916b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[4856] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000027916bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\kernel32.dll!CreateFileW 0000000076893efc 4 bytes JMP 00000001628f2c50 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\kernel32.dll!CreateFileW + 5 0000000076893f01 8 bytes {MOV ESP, EBP; POP RBP; JMP 0xffffffffec05ed4f} .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!SetWindowPos 0000000076b18e4e 5 bytes JMP 00000001628f2ac0 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!ShowWindow 0000000076b20dfb 5 bytes JMP 
00000001628f2920 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!SetFocus 0000000076b22175 5 bytes JMP 00000001628f2a00 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!SetActiveWindow 0000000076b23208 5 bytes JMP 00000001628f2b90 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!BringWindowToTop 0000000076b27b3b 13 bytes JMP 00000001628f26c0 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!SetForegroundWindow 0000000076b3f170 13 bytes JMP 00000001628f2600 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!SwitchToThisWindow 0000000076b590fc 13 bytes JMP 00000001628f2780 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\USER32.dll!ShowWindowAsync 0000000076b77d97 5 bytes JMP 00000001628f2840 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\ole32.dll!DoDragDrop 0000000075cda93f 4 bytes JMP 00000001628f2540 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\ole32.dll!DoDragDrop + 5 0000000075cda944 8 bytes {MOV ESP, EBP; POP RBP; JMP 0xffffffffecc17bfc} .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772a15cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Lenovo\Bluetooth 
Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] 
C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 
00000000772a0440 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth 
Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076fe64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] 
C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\WINMM.dll!waveOutReset 000007fef83da38c 5 bytes JMP 000007fefd1d02b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\WINMM.dll!waveOutPause 000007fef83f4b60 5 bytes JMP 000007fefd1d0238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5100] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef83f4ba0 5 bytes JMP 000007fefd1d01b8 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 0000000100802710 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001008027f0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 0000000100802780 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] 
C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000050d1401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000050d1419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000050d1431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000050d144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000050d14dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000050d14f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000050d150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000050d1525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000050d153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 00000000050d1555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000050d156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000050d1585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000050d159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000050d15b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000050d15cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000050d16b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[3740] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000050d16bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 00000001004a2710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001004a27f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 00000001004a2780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 
0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000021401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000021419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000021431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000002144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000000214dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000000214f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000002150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000021525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000002153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000021555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000002156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000021585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000002159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000000215b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] 
C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000000215cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000000216b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000000216bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 00000001711b2840 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4916] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\Program Files\AVAST 
Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076898769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] 
C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
00000000772a15cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4392] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768948b3 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000768948cb 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768948fd 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] 
C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] 
C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075be5ea5 5 bytes JMP 00000001711b2840 .text C:\Program Files (x86)\QOMO\Flow!Works\Driver\Driver\board_driver.exe[4444] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075c19d0b 5 bytes JMP 00000001711b27d0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files 
(x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files 
(x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files 
(x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files 
(x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1fcec0 5 bytes JMP 000007fffd1d0038 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe[1884] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 768bb20b C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 768bb336 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 76938f39 C:\windows\syswow64\kernel32.dll 
.text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 76894885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 76938832 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 76938a08 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 76938728 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 76938af2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 768afc98 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 768b68df C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 76938ff1 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 76938b52 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 769386ec C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 768afd31 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
00000000772a15cd 2 bytes JMP 768bb2cc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 76938eb4 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2920] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 76938681 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 
.text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes 
JMP 00000000772a01e0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\wbem\wmiprvse.exe[5564] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 0000000100060460 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 0000000100060450 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 0000000100060370 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 0000000100060470 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000001000603e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 0000000100060320 .text 
C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000001000603b0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 0000000100060390 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000001000602e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000001000602d0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 0000000100060310 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000001000603c0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 0000000100060230 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 0000000100060480 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000001000603a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000001000602f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 0000000100060350 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 0000000100060290 
.text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000001000602b0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000001000603d0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 0000000100060330 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 0000000100060410 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 0000000100060240 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 0000000100060250 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 0000000100060490 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 0000000100060300 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 0000000100060360 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000001000602a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000001000602c0 
.text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 0000000100060380 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 0000000100060340 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 0000000100060440 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 0000000100060260 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 0000000100060270 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 0000000100060400 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 0000000100060210 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 0000000100060200 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 0000000100060420 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 0000000100060430 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 0000000100060220 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 0000000100060280 
.text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes JMP 00000000772a03b0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
000000007713e040 5 bytes JMP 00000000772a0230 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\Program 
Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 00000000772a0260 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
000000007713f120 5 bytes JMP 00000000772a0200 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000076fda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076fe3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076ffffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007700f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077039a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077049510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077068830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1f3460 7 bytes JMP 000007fffd1e00d8 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1fac50 1 byte JMP 000007fffd1e0148 .text 
C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd1fac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1fb2c0 5 bytes JMP 000007fffd1e0180 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1fb460 5 bytes JMP 000007fffd1e0110 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7a89d0 8 bytes JMP 000007fffd1e01f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7abe40 8 bytes JMP 000007fffd1e01b8 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefedc74a0 11 bytes JMP 000007fffd1e0228 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5528] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeddbf10 7 bytes JMP 000007fffd1e0260 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007713da60 5 bytes JMP 00000000772a0460 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007713dab0 5 bytes JMP 00000000772a0450 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007713dc10 5 bytes JMP 00000000772a0370 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007713dc60 5 bytes JMP 00000000772a0470 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007713dc70 5 bytes JMP 00000000772a03e0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007713dd20 5 bytes JMP 00000000772a0320 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007713dd50 5 bytes 
JMP 00000000772a03b0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007713dd70 5 bytes JMP 00000000772a0390 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007713ddb0 5 bytes JMP 00000000772a02e0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007713de30 5 bytes JMP 00000000772a02d0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007713de50 5 bytes JMP 00000000772a0310 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007713de90 5 bytes JMP 00000000772a03c0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007713dee0 5 bytes JMP 00000000772a03f0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007713e040 5 bytes JMP 00000000772a0230 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007713e200 5 bytes JMP 00000000772a0480 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007713e230 5 bytes JMP 00000000772a03a0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007713e310 5 bytes JMP 00000000772a02f0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007713e320 5 bytes JMP 00000000772a0350 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007713e380 5 bytes JMP 00000000772a0290 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007713e410 5 bytes JMP 00000000772a02b0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007713e430 5 bytes JMP 00000000772a03d0 .text C:\windows\system32\AUDIODG.EXE[4536] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007713e440 5 bytes JMP 00000000772a0330 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007713e4b0 5 bytes JMP 00000000772a0410 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007713e4e0 5 bytes JMP 00000000772a0240 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007713e7a0 5 bytes JMP 00000000772a01e0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007713e860 5 bytes JMP 00000000772a0250 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007713e890 5 bytes JMP 00000000772a0490 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007713e8a0 5 bytes JMP 00000000772a04a0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007713e8d0 5 bytes JMP 00000000772a0300 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007713e8e0 5 bytes JMP 00000000772a0360 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007713e940 5 bytes JMP 00000000772a02a0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007713e990 5 bytes JMP 00000000772a02c0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007713e9c0 5 bytes JMP 00000000772a0380 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007713e9d0 5 bytes JMP 00000000772a0340 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007713ecc0 5 bytes JMP 00000000772a0440 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007713eec0 5 bytes JMP 
00000000772a0260 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007713eed0 5 bytes JMP 00000000772a0270 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007713eee0 5 bytes JMP 00000000772a0400 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007713f0a0 5 bytes JMP 00000000772a01f0 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007713f0b0 5 bytes JMP 00000000772a0210 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007713f120 5 bytes JMP 00000000772a0200 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007713f180 5 bytes JMP 00000000772a0420 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007713f190 5 bytes JMP 00000000772a0430 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007713f1a0 5 bytes JMP 00000000772a0220 .text C:\windows\system32\AUDIODG.EXE[4536] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007713f280 5 bytes JMP 00000000772a0280 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076891eee 7 bytes JMP 00000001711b3880 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076895b85 7 bytes JMP 00000001711b3ec0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000768a13e1 7 bytes JMP 00000001711b3ad0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768aea35 7 bytes JMP 00000001711b3870 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] 
C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076938eb4 7 bytes JMP 00000001711b33c0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076938f39 5 bytes JMP 00000001711b3470 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007693928f 5 bytes JMP 00000001711b33d0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766f1d29 5 bytes JMP 00000001711b3380 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766f1dd7 5 bytes JMP 00000001711b3340 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766f2ab1 5 bytes JMP 00000001711b3480 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766f2d1d 5 bytes JMP 00000001711b3190 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007666d2b4 5 bytes JMP 00000001711b29a0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007666d4ee 5 bytes JMP 00000001711b29c0 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 00000001711b2880 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000001711b3110 .text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 00000001711b3180 .text 
C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 00000001711b2700
.text C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe[5960] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000001711b3100
---- Processes - GMER 2.1 ----
Library C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll (*** suspicious ***) @ C:\Users\wyszo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [4856](2015-02-13 11:15:16) 0000000003a80000
Process C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe (*** suspicious ***) @ C:\Users\wyszo\AppData\Local\Temp\7zOCE55807B\jhnmqgsg.exe [5960](2015-02-04 12:59:56) 0000000000400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5952e67
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5952e67 (not active ControlSet)
---- EOF - GMER 2.1 ----