GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-03-08 19:00:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Crucial_CT240M500SSD1 rev.MU03 223,57GB Running: jhnmqgsg.exe; Driver: C:\Users\8460p\AppData\Local\Temp\pwddakod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 0000000149c50450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 0000000149c50440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0xffffffffd24d2990} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 0000000149c50360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 0000000149c50460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 0000000149c503d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 0000000149c50310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 0000000149c503a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 0000000149c50380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 0000000149c502d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 0000000149c502c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0xffffffffd24d2490} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 0000000149c50300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 0000000149c503b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 0000000149c503e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 0000000149c50220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 0000000149c50470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 0000000149c50390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 0000000149c502e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 0000000149c50340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 0000000149c50280 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 0000000149c502a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0xffffffffd24d1e90} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 0000000149c503c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0xffffffffd24d1f90} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 0000000149c50320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 0000000149c50400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 0000000149c50230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 0000000149c501d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 0000000149c50240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 0000000149c50480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 0000000149c50490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 0000000149c502f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 0000000149c50350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 0000000149c50290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 0000000149c502b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 0000000149c50370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 0000000149c50330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 0000000149c50430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 0000000149c50250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0xffffffffd24d1390} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 0000000149c50260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0xffffffffd24d1390} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 0000000149c503f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 0000000149c501e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 0000000149c50200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 0000000149c501f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 0000000149c50410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0xffffffffd24d1290} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 0000000149c50420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0xffffffffd24d1290} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 0000000149c50210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 0000000149c50270 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0xffffffff888c2990} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0xffffffff888c2490} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0xffffffff888c1e90} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0xffffffff888c1f90} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000001000401d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 0000000100040250 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0xffffffff888c1390} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0xffffffff888c1390} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0xffffffff888c1290} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0xffffffff888c1290} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 0000000149c50450 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 0000000149c50440 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0xffffffffd24d2990} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 0000000149c50360 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 0000000149c50460 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 0000000149c503d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 0000000149c50310 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 0000000149c503a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 0000000149c50380 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 0000000149c502d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 0000000149c502c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0xffffffffd24d2490} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 0000000149c50300 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 0000000149c503b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 0000000149c503e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 0000000149c50220 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 0000000149c50470 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 0000000149c50390 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 0000000149c502e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 0000000149c50340 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 0000000149c50280 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 0000000149c502a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0xffffffffd24d1e90} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 0000000149c503c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0xffffffffd24d1f90} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 0000000149c50320 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 0000000149c50400 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 0000000149c50230 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 0000000149c501d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 0000000149c50240 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 0000000149c50480 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 0000000149c50490 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 0000000149c502f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 0000000149c50350 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 0000000149c50290 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 0000000149c502b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 0000000149c50370 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 0000000149c50330 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 0000000149c50430 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 0000000149c50250 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0xffffffffd24d1390} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 0000000149c50260 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0xffffffffd24d1390} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 0000000149c503f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 0000000149c501e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 0000000149c50200 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 0000000149c501f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 0000000149c50410 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0xffffffffd24d1290} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 0000000149c50420 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0xffffffffd24d1290} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 0000000149c50210 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 0000000149c50270 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0xffffffff888f2990} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0xffffffff888f2490} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0xffffffff888f1e90} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0xffffffff888f1f90} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0xffffffff888f1390} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0xffffffff888f1390} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0xffffffff888f1290} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0xffffffff888f1290} .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\NetLimiter 3\nlsvc.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\taskhost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE[2692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\hkcmd.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\igfxpers.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\WLANExt.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 00000000778e0440 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000000778e02c0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000000778e02a0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000000778e03c0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000000778e01d0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 00000000778e0250 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 00000000778e0260 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 00000000778e0410 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 00000000778e0420 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\taskeng.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007777da60 5 bytes JMP 0000000100080450 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007777dab0 1 byte JMP 0000000100080440 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007777dab2 3 bytes {JMP 0xffffffff88902990} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007777dc10 5 bytes JMP 0000000100080360 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007777dc60 5 bytes JMP 0000000100080460 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007777dc70 5 bytes JMP 00000001000803d0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007777dd20 5 bytes JMP 0000000100080310 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007777dd50 5 bytes JMP 00000001000803a0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007777dd70 5 bytes JMP 0000000100080380 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007777ddb0 5 bytes JMP 00000001000802d0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007777de30 1 byte JMP 00000001000802c0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007777de32 3 bytes {JMP 0xffffffff88902490} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007777de50 5 bytes JMP 0000000100080300 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007777de90 5 bytes JMP 00000001000803b0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007777dee0 5 bytes JMP 00000001000803e0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007777e040 5 bytes JMP 0000000100080220 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007777e200 5 bytes JMP 0000000100080470 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007777e230 5 bytes JMP 0000000100080390 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007777e310 5 bytes JMP 00000001000802e0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007777e320 5 bytes JMP 0000000100080340 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007777e380 5 bytes JMP 0000000100080280 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007777e410 1 byte JMP 00000001000802a0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007777e412 3 bytes {JMP 0xffffffff88901e90} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007777e430 1 byte JMP 00000001000803c0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007777e432 3 bytes {JMP 0xffffffff88901f90} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007777e440 5 bytes JMP 0000000100080320 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007777e4b0 5 bytes JMP 0000000100080400 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007777e4e0 5 bytes JMP 0000000100080230 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007777e7a0 5 bytes JMP 00000001000801d0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007777e860 5 bytes JMP 0000000100080240 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007777e890 5 bytes JMP 0000000100080480 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007777e8a0 5 bytes JMP 0000000100080490 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007777e8d0 5 bytes JMP 00000001000802f0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007777e8e0 5 bytes JMP 0000000100080350 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007777e940 5 bytes JMP 0000000100080290 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007777e990 5 bytes JMP 00000001000802b0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007777e9c0 5 bytes JMP 0000000100080370 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007777e9d0 5 bytes JMP 0000000100080330 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007777ecc0 5 bytes JMP 0000000100080430 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007777eec0 1 byte JMP 0000000100080250 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007777eec2 3 bytes {JMP 0xffffffff88901390} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007777eed0 1 byte JMP 0000000100080260 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007777eed2 3 bytes {JMP 0xffffffff88901390} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007777eee0 5 bytes JMP 00000001000803f0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007777f0a0 5 bytes JMP 00000001000801e0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007777f0b0 5 bytes JMP 0000000100080200 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007777f120 5 bytes JMP 00000001000801f0 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007777f180 1 byte JMP 0000000100080410 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007777f182 3 bytes {JMP 0xffffffff88901290} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007777f190 1 byte JMP 0000000100080420 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007777f192 3 bytes {JMP 0xffffffff88901290} .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007777f1a0 5 bytes JMP 0000000100080210 .text C:\Windows\system32\msiexec.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007777f280 5 bytes JMP 0000000100080270 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef2bca184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef2bca184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fef2bcbcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fef2bcba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef2bcd12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fef2bca6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef2bca184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef2bca6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef2bcab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef2bca2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fef2bca184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef2bcab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef2bca890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fef2bca6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fef2bcaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef2bca2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fef2bcb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fef2bcba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileA] [7fef2bca2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\GPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fef2bca184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fef2bca2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fef2bca6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef2bcabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef2bcb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef2bcb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7fef2bca6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7fef2bca804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegDeleteValueA] [7fef2bcbb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegSetValueExA] [7fef2bcba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fefd314230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!DeleteFileW] [7fef2bca5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!CreateFileW] [7fef2bca42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegOpenKeyExA] [7fef2bcb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegDeleteValueW] [7fef2bcbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[608] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegSetValueExW] [7fef2bcbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2028:4588] 000007feeeaa9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af896bcc Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af896bcc (not active ControlSet) ---- EOF - GMER 2.1 ----