GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-12 20:49:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: 7bmxbtnq.exe; Driver: C:\Users\Grzesiek\AppData\Local\Temp\uwdoifob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000149b30460 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000149b30450 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000149b30370 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000149b30470 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000149b303e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000149b30320 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000149b303b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000149b30390 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000149b302e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000149b302d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000149b30310 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000149b303c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000149b303f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000149b30230 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000149b30480 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000149b303a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000149b302f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000149b30350 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000149b30290 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000149b302b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000149b303d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000149b30330 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000149b30410 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000149b30240 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000149b301e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000149b30250 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000149b30490 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000149b304a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000149b30300 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000149b30360 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000149b302a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000149b302c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000149b30380 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000149b30340 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000149b30440 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000149b30260 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000149b30270 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000149b30400 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000149b301f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000149b30210 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000149b30200 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000149b30420 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000149b30430 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000149b30220 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000149b30280 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\winlogon.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\WLANExt.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\Crsoft\crsvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\svchost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Roaming\TSv\TSvr.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073dd17fa 2 bytes CALL 76a911a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073dd1860 2 bytes CALL 76a911a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073dd1942 2 bytes JMP 773d7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073dd194d 2 bytes JMP 773dcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\DllHost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1WdsManPro1\WdsManPro.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\A8187454-1442618321-21E7-006D-B4B52F29A7E8\knsz7EDE.tmpfs[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\System32\rundll32.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Grzesiek\AppData\Local\gmsd_pl_005010107\upgmsd_pl_005010107.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Program Files\Windows Sidebar\sidebar.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\SearchIndexer.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5108] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a98769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010106\gmsd_pl_005010106.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010107\gmsd_pl_005010107.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779e1401 2 bytes JMP 76abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779e1419 2 bytes JMP 76abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779e1431 2 bytes JMP 76b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779e144a 2 bytes CALL 76a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779e14dd 2 bytes JMP 76b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779e14f5 2 bytes JMP 76b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779e150d 2 bytes JMP 76b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779e1525 2 bytes JMP 76b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779e153d 2 bytes JMP 76aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779e1555 2 bytes JMP 76ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779e156d 2 bytes JMP 76b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779e1585 2 bytes JMP 76b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779e159d 2 bytes JMP 76b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779e15b5 2 bytes JMP 76aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779e15cd 2 bytes JMP 76abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779e16b2 2 bytes JMP 76b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\gmsd_pl_005010109\gmsd_pl_005010109.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779e16bd 2 bytes JMP 76b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\System32\svchost.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c5da60 5 bytes JMP 0000000077dc0460 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c5dab0 5 bytes JMP 0000000077dc0450 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c5dc10 5 bytes JMP 0000000077dc0370 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c5dc60 5 bytes JMP 0000000077dc0470 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c5dc70 5 bytes JMP 0000000077dc03e0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c5dd20 5 bytes JMP 0000000077dc0320 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c5dd50 5 bytes JMP 0000000077dc03b0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c5dd70 5 bytes JMP 0000000077dc0390 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c5ddb0 5 bytes JMP 0000000077dc02e0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c5de30 5 bytes JMP 0000000077dc02d0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c5de50 5 bytes JMP 0000000077dc0310 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c5de90 5 bytes JMP 0000000077dc03c0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c5dee0 5 bytes JMP 0000000077dc03f0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c5e040 5 bytes JMP 0000000077dc0230 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c5e200 5 bytes JMP 0000000077dc0480 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c5e230 5 bytes JMP 0000000077dc03a0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c5e310 5 bytes JMP 0000000077dc02f0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c5e320 5 bytes JMP 0000000077dc0350 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c5e380 5 bytes JMP 0000000077dc0290 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c5e410 5 bytes JMP 0000000077dc02b0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c5e430 5 bytes JMP 0000000077dc03d0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c5e440 5 bytes JMP 0000000077dc0330 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c5e4b0 5 bytes JMP 0000000077dc0410 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c5e4e0 5 bytes JMP 0000000077dc0240 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c5e7a0 5 bytes JMP 0000000077dc01e0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c5e860 5 bytes JMP 0000000077dc0250 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c5e890 5 bytes JMP 0000000077dc0490 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c5e8a0 5 bytes JMP 0000000077dc04a0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c5e8d0 5 bytes JMP 0000000077dc0300 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c5e8e0 5 bytes JMP 0000000077dc0360 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c5e940 5 bytes JMP 0000000077dc02a0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c5e990 5 bytes JMP 0000000077dc02c0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c5e9c0 5 bytes JMP 0000000077dc0380 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c5e9d0 5 bytes JMP 0000000077dc0340 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c5ecc0 5 bytes JMP 0000000077dc0440 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c5eec0 5 bytes JMP 0000000077dc0260 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c5eed0 5 bytes JMP 0000000077dc0270 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c5eee0 5 bytes JMP 0000000077dc0400 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c5f0a0 5 bytes JMP 0000000077dc01f0 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c5f0b0 5 bytes JMP 0000000077dc0210 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c5f120 5 bytes JMP 0000000077dc0200 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c5f180 5 bytes JMP 0000000077dc0420 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c5f190 5 bytes JMP 0000000077dc0430 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c5f1a0 5 bytes JMP 0000000077dc0220 .text C:\Windows\system32\taskhost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c5f280 5 bytes JMP 0000000077dc0280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1260:3588] 000007fef8005170 Thread C:\Windows\System32\spoolsv.exe [1672:3416] 000007fef6c610c8 Thread C:\Windows\System32\spoolsv.exe [1672:3428] 000007fef6c06144 Thread C:\Windows\System32\spoolsv.exe [1672:3432] 000007fef93f5fd0 Thread C:\Windows\System32\spoolsv.exe [1672:3440] 000007fef6bd3438 Thread C:\Windows\System32\spoolsv.exe [1672:3444] 000007fef93f63ec Thread C:\Windows\System32\spoolsv.exe [1672:3460] 000007fefb3e5e5c Thread C:\Windows\System32\spoolsv.exe [1672:3472] 000007fef6d65074 Thread C:\Windows\System32\spoolsv.exe [1672:3664] 000007fef6dd2288 Thread C:\Windows\system32\svchost.exe [4160:4352] 0000000070feb5fc Thread C:\Windows\system32\svchost.exe [4160:4356] 0000000074311760 Thread C:\Windows\system32\svchost.exe [4160:4372] 0000000074358b1c Thread C:\Windows\system32\svchost.exe [4160:4376] 000000007435c740 Thread C:\Windows\system32\svchost.exe [4160:4380] 000000007436498c Thread C:\Windows\system32\svchost.exe [4160:4404] 00000000715d2234 Thread C:\Windows\system32\svchost.exe [4160:4408] 0000000071010398 Thread C:\Windows\system32\svchost.exe [4160:4420] 00000000715d3de4 Thread C:\Windows\system32\svchost.exe [4160:4424] 0000000070fe6394 Thread C:\Windows\System32\svchost.exe [7024:6560] 000007feeb249688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1620] (GG drive overlay/GG Network S.A.)(2013-06-14 10:02:35) 000000005c080000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292] 000000006fbc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292](2012-09-01 05:02:39) 000000006e940000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292](2 000000006a1c0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292](2012-09-01 05:02:39) 000000006ff00000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292](2012-09-01 05:02:40) 000000006efc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2292](201 000000006ed40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ae298d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ae298d@e4b02135ba01 0x33 0xE0 0x8F 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ae298d@60d0a9e1e79b 0x48 0x47 0x2B 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ae298d@547975abfb38 0x77 0xFC 0x64 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ae298d@44d4e0152eae 0x2A 0x8E 0xD4 0xC4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFF 0x03 0xC4 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x84 0xD3 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0xEC 0x32 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x08 0x46 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ae298d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ae298d@e4b02135ba01 0x33 0xE0 0x8F 0x50 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ae298d@60d0a9e1e79b 0x48 0x47 0x2B 0x08 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ae298d@547975abfb38 0x77 0xFC 0x64 0x0C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ae298d@44d4e0152eae 0x2A 0x8E 0xD4 0xC4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFF 0x03 0xC4 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x84 0xD3 0xBE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0xEC 0x32 0xD0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x08 0x46 0x41 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Grzesiek\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- EOF - GMER 2.1 ----